psychicdoommustart.exe

<BoR Team>

The executable psychicdoommustart.exe has been detected as malware by 7 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler. While running, it connects to the Internet address ns310646.ovh.net on port 80 using the HTTP protocol.
Publisher:

Product:
<MU Anti-Cheat System>

Version:
1.0.2.350

MD5:
b154a252c6c80850fd23af116197cc88

SHA-1:
d82ae13356f36fcc7519619ff156514c86c76d65

SHA-256:
6db4984fc72e883124cacbeb4025bc94a55c01c9d167d29f1ead13f61f6bb6e0

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
7/6/2025 8:12:20 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Suspicious | 7.1.1
Avira AntiVirus | TR/Agent.cada.17781 | 7.11.123.246
Bkav FE | HW32.CDB | 1.3.0.4613
Comodo Security | Heur.Suspicious | 17572
McAfee | Artemis!B154A252C6C8 | 5600.7152
Norman | Spywad.MCC | 11.20140423
Trend Micro House Call | TROJ_GEN.R0CBH0AJ513 | 7.2.113

File size:
3 MB (3,104,256 bytes)

Product version:
1.0.2.350

Copyright:
Developed by S@nek © Copyright 2008-2010

Trademarks:
<BoR Team>

Original file name:
Launcher.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
3/9/2010 7:49:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
49152:lwKNpaoqn2Pks8iOjJdrQsGkSMFUrxUTrhz7Via8RU8OPxEEw8Y69xStn1Ar:yKNcoZcvr9wIUuTrhz07e8OJk85xS4r

Entry address:
0xA4F000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 8B, D8, 40, 2D, 00, 10, 10, 00, 2D, FC, E3, 60, 00, 05, F1, E3, 60, 00, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, C3, FB, 0B, 1F, 68, B5, D5, 4A, 12, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 8B, EC, 60, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, EB, 08, 31, 06, 01, 1E, 83, C6, 04, 49, 0B, C9, 75, F4, 61, C9, C2, 10, 00, 00, 64, 48, D6, 30, 52, 67, 48, 9F, BB, 0B, 8B, 7C, 3F, 52, A4, A9, C3, 38, 6A...
 

Entropy:
7.9420  (probably packed)

Code size:
2.6 MB (2,760,704 bytes)

Scheduled Task
Task name:
{6F8BF139-4416-4B00-8ED3-884A728871FE}

Trigger:
Registration (Runs on registration)


Windows Firewall Allowed Program
Name:
C:\Documents and Settings\Cheche\Desktop\Psychic-doom 97j\PsychicDoomMUStart.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ns310646.ovh.net  (188.165.202.164:80)
