ovpn.exe

The executable ovpn.exe has been detected as malware by 29 anti-virus scanners. The file has been seen being downloaded from www.weebly.com.
MD5: 9a93eb374eaf21e6363b1cbcf8df8e22
SHA-1: 516e31130715fa40baa5b72da02edcce174943d4
SHA-256: e096a80f92201bbc2e5617d7d84e7d4d20fc05bec3f630cf961dfea4121cb382

Scanner detections: 29 / 68
Status: Malware
Analysis date: 4/25/2024 11:09:25 PM UTC

Scan engine             Detection                      Engine version
Lavasoft Ad-Aware       Trojan.Generic.8792206         289
Agnitum Outpost         Trojan.Refroso                 7.1.1
Avira AntiVirus         TR/Refroso.fbsy                7.11.144.142
avast!                  Win32:Malware-gen              2014.9-160420
AVG                     Generic31                      2017.0.2767
Baidu Antivirus         Trojan.Win32.Agent             4.0.3.16420
Bitdefender             Trojan.Generic.8792206         1.0.20.555
Comodo Security         UnclassifiedMalware            18139
Dr.Web                  BackDoor.Bifrost.19762         9.0.1.0111
Emsisoft Anti-Malware   Trojan.Win32.Refroso           8.16.04.20.08
ESET NOD32              Generik.GQYXTJD (variant)      10.9702
F-Secure                Trojan.Generic.8792206         11.2016-20-04_4
G Data                  Trojan.Generic.8792206         16.4.24
IKARUS anti.virus       Backdoor.Win32.Bifrose         t3scan.1.6.1.0
K7 AntiVirus            Riskware                       13.176.11806
Kaspersky               HEUR:Trojan.Win32.Generic      14.0.0.331
Malwarebytes            Trojan.Agent                   v2016.04.20.08
McAfee                  RDN/Generic BackDoor!ta        5600.6423
MicroWorld eScan        Trojan.Generic.8792206         17.0.0.333
NANO AntiVirus          Trojan.Win32.Bifrost.cdtqmg    0.28.0.59288
Norman                  Troj_Generic.OTCRE             11.20160420
nProtect                Trojan/W32.Agent.226430.B      14.04.20.01
Panda Antivirus         Bck/Bifrost.gen                16.04.20.08
Qihoo 360 Security      HEUR/Malware.QVM05.Gen         1.0.0.1015
Sophos                  Mal/Generic-S                  4.98
Trend Micro House Call  TROJ_GEN.R0CBC0EI413           7.2.111
Trend Micro             TROJ_GEN.R0CBC0EI413           10.465.20
Vba32 AntiVirus         Trojan.Refroso                 3.12.26.0
VIPRE Antivirus         Trojan.Win32.Generic           28442

File size: 221.1 KB (226,430 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\roaming\vpon\ovpn.exe

File PE Metadata
Compilation timestamp: 6/19/1992 4:22:17 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 3072:J1aGhAsIcXRnvoH5E+ynEfT/WDe5kRSKcU/1x/S705Co2CBvKV51K3uR2JT9qVjR:3asDIiRn+oEfC/w0L2RFAhUj3GI
Entry address: 0x2B7A4
Entry point:
55, 8B, EC, 83, C4, F0, B8, C4, B6, 42, 00, E8, 80, A8, FD, FF, EB, 39, DD, 05, CC, D8, 42, 00, D8, 25, 0C, B8, 42, 00, DD, 1D, CC, D8, 42, 00, 9B, DD, 05, CC, D8, 42, 00, D8, 05, 0C, B8, 42, 00, DD, 1D, D4, D8, 42, 00, 9B, DD, 05, D4, D8, 42, 00, D8, 05, 0C, B8, 42, 00, DD, 1D, CC, D8, 42, 00, 9B, DD, 05, CC, D8, 42, 00, D8, 1D, 10, B8, 42, 00, DF, E0, 9E, 72, B6, E8, EF, 3F, FF, FF, E8, 92, 85, FD, FF, 00, 00, 00, 00, 80, 3F, 28, 6B, 6E, 4E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy: 7.0381
Developed / compiled with: Microsoft Visual C++
Code size: 170.5 KB (174,592 bytes)

The file ovpn.exe has been seen being distributed by the following URL.

Remove ovpn.exe - Powered by Reason Core Security