» OctoplusShell.exe
Overview
Analysis
File Details
Network (2)

OctoplusShell.exe

Octoplus Shell

Octoplus team

The executable OctoplusShell.exe, “Octoplus Shell software” has been detected as malware by 10 anti-virus scanners. While running, it connects to the Internet address ip-91.237.107.4.alpha.cv.ua on port 21.

File name:

OctoplusShell.exe

Publisher:

Octoplus team

Product:

Octoplus Shell

Description:

Octoplus Shell software

Version:

1,1,6,762

MD5:

ef61957d8a40203c564989696a9c37fb

SHA-1:

998c2f1da32b492662a4f841ca838e1f38287d7f

SHA-256:

4883fcf13e1e13db8d203a41d92dfd7554c07f6dd1e77905fdd622adeaef8035

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

5/14/2024 4:36:38 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.14546284

617

Bitdefender

Trojan.Generic.14546284

1.0.20.740

Bkav FE

HW32.Packed

1.3.0.6379

Emsisoft Anti-Malware

Trojan.Generic.14546284

8.15.05.28.05

F-Secure

Trojan.Generic.14546284

11.2015-28-05_5

G Data

Trojan.Generic.14546284

15.5.25

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.8.9.0

MicroWorld eScan

Trojan.Generic.14546284

16.0.0.444

nProtect

Trojan.Generic.14546284

15.05.22.01

Trend Micro House Call

Suspicious_GEN.F47V0519

7.2.148

File size:

5.8 MB (6,107,136 bytes)

Product version:

1,1,6,762

Octoplus team

Trademarks:

Octoplus

Original file name:

OctoplusShell.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\octoplus\octoplus_shell\octoplusshell.exe

File PE Metadata

Compilation timestamp:

4/10/2015 2:50:27 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:BgsH/vhGZcrNA5TzgEuVI5K75G9hwxkwyPoQls5SGvW1pCwqJgIFnxHw26ld:ysB1gTzHGI5i5G9m6rP+EGvPZW6nxQH

Entry address:

0x78B6B5

Entry point:

E8, 61, CA, 59, 00, 11, 94, 51, 5B, 6E, F9, 94, B1, 8D, 71, 37, AF, DA, 93, B6, 54, 65, 12, AB, ED, 14, 7F, 3A, 45, 68, 7C, 6D, EE, 77, F9, 94, AC, C5, 06, 73, A7, A2, B8, 7D, 44, 09, 26, 58, 35, 52, 36, 1A, E8, 53, 11, 09, 10, 57, 06, 7F, B2, EB, BF, 0C, C9, 76, CA, 33, 07, C6, 25, 9A, 3B, AE, 02, 2A, 46, F2, D7, 3A, 9C, 5E, 65, 5A, 86, DF, 30, AD, 48, 6E, 65, 95, E0, B4, 33, 24, 5F, 16, 56, 1F, A3, 5C, F6, 88, 83, 2A, 11, 11, 0B, 84, 49, 48, 35, CD, 1E, B7, 85, E0, E4, B5, 96, BC, 9E, F5, 1C, F1, 0E, DD... 
[+]

Entropy:

7.9070 (probably packed)

Code size:

3.3 MB (3,458,560 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (FTP):

Connects to ip-91.237.107.4.alpha.cv.ua (91.237.107.4:21)

Remove OctoplusShell.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.