home

open.exe

The executable open.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address h8.ihc.ru on port 80 using the HTTP protocol.
MD5:
091b375a30711c032fd322b48d701d76

SHA-1:
a5c299d58f02f45479f27a4f316af60a9798ac0f

SHA-256:
43e2be8eda459e9a31f23cfff86223deb36aa745b003f0941ca9a85fc997e138

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/23/2024 2:45:42 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.3.23.6

File size:
3.8 MB (3,993,691 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
7/30/2010 8:19:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:U8xqzA534gmF6duoxh5tkhH5OqYqlNFJqWdCelx4xT858M1:Ui9mFiDhPyHYJOFkWUelxd

Entry address:
0x31754D

Entry point:
55, 8B, EC, 6A, FF, 68, 48, D0, 74, 00, 68, 70, 2C, 71, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, AC, A1, 73, 00, 33, D2, 8A, D4, 89, 15, D4, EE, 83, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, D0, EE, 83, 00, C1, E1, 08, 03, CA, 89, 0D, CC, EE, 83, 00, C1, E8, 10, A3, C8, EE, 83, 00, 6A, 01, E8, 2B, 2E, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 7F, 26, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Entropy:
6.7273

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
3.2 MB (3,379,200 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to h8.ihc.ru  (91.218.229.20:80)

Remove open.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.