mu.exe

The executable mu.exe has been detected as malware by 17 anti-virus scanners. While running, it connects to the Internet address mail.phanmemvang.com.vn on port 80 using the HTTP protocol.
MD5:
35e1a19d09bf2c52379617b67d9521d6

SHA-1:
9fd28c1056ca137feb20d7600197d49a1a1d59c2

SHA-256:
db3a14ea5c5d196b4e02598f62d6195d9eecdd01bf964861ebfe76e360915870

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
6/22/2025 10:29:19 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.14501746 | 545 |
| Avira AntiVirus | TR/Rogue.855040.7 | 8.3.1.6 |
| Arcabit | Trojan.Generic.DDD4772 | 1.0.0.425 |
| Bitdefender | Trojan.Generic.14501746 | 1.0.20.1105 |
| Bkav FE | HW32.Packed | 1.3.0.6979 |
| Emsisoft Anti-Malware | Trojan.Generic.14501746 | 8.15.08.09.08 |
| F-Secure | Trojan.Generic.14501746 | 11.2015-09-08_1 |
| G Data | Trojan.Generic.14501746 | 15.8.25 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.207.16681 |
| McAfee | Artemis!35E1A19D09BF | 5600.6679 |
| MicroWorld eScan | Trojan.Generic.14501746 | 16.0.0.663 |
| nProtect | Trojan.Generic.14501746 | 15.07.23.01 |
| Quick Heal | (Suspicious) - DNAScan | 8.15.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.18C9FACA!415890122 | 23.00.65.15807 |
| Trend Micro | TROJ_GEN.R0C1C0EGE15 | 10.465.09 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42314 |

File size:
835 KB (855,040 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:WjQk+C3YV9eVSTvIEHmlbkQqmfMhRo7C:Wk7CoV9eVSbkl4UfGD

Entry address:
0x1F1030

Entry point:
50, 60, 29, C0, 64, FF, 30, E8, 00, 00, 00, 00, 5D, 83, ED, 3C, 89, E8, 89, A5, 14, 00, 00, 00, 2B, 85, 1C, 00, 00, 00, 89, 85, 1C, 00, 00, 00, 8D, 85, 27, 03, 00, 00, 50, 8B, 00, 85, C0, 0F, 85, C0, 00, 00, 00, 8D, BD, 5B, 03, 00, 00, 8D, B5, 43, 03, 00, 00, E8, DD, 00, 00, 00, 89, 85, 1F, 03, 00, 00, 6A, 40, 68, 00, 10, 00, 00, 8B, 85, 28, 00, 00, 00, 50, 6A, 00, FF, 95, 1F, 03, 00, 00, 85, C0, 75, 0B, 8D, 85, C7, 02, 00, 00, E8, CD, 00, 00, 00, 89, 85, 23, 03, 00, 00, B9, 28, 00, 00, 00, 01, E9, 51, 50...
 

Entropy:
7.8145

Packer / compiler:
Protection Plus

Code size:
505 KB (517,120 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mail.phanmemvang.com.vn  (125.212.217.80:80)

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)
