multi client by schokk.exe

Copyright © Powered© by Schokk 2017

The executable multi client by schokk.exe, “MulTi_Client_By_Schokk”, has been detected as malware by 5 anti-virus scanners. While running, it connects to the Internet address s43.ucoz.net on port 80 using the HTTP protocol.
Publisher:
Copyright © Powered© by Schokk 2017

Product:
Copyright © Powered© by Schokk 2017

Description:
MulTi_Client_By_Schokk

Version:
1.0.0.0

MD5:
ee4ca1f8e1dc9605d882a64a495036ad

SHA-1:
a13368a472477ab93b78c60734bb6b9873b398a2

SHA-256:
971b420dcbfb16584c0d5bb58eed6a20a5af199ec8c91e7872fbb9cddb5cc538

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/23/2024 6:42:46 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Inject.cduve | 8.3.3.4 |
| ESET NOD32 | MSIL/DllInject.OL potentially unsafe (variant) | 11.14913 |
| Qihoo 360 Security | HEUR/QVM03.0.0000.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | Malware.Generic!2y9xs97ZgWT@6 (thunder) | 23.00.65.17208 |
| Vba32 AntiVirus | Malware-Cryptor.Inject.gen | 3.12.26.4 |

File size:
1.1 MB (1,131,520 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Powered© by Schokk 2017

Original file name:
MulTi_Client_By_Schokk.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
2/9/2017 11:17:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0xED45E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.3689

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
941.5 KB (964,096 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to s43.ucoz.net  (195.216.243.43:80)
