pugwindows.exe

Yiqejo Yxubv

Cxkyrt Weezb

The file is configured to start automatically at user logon through the current-user Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name 'pugwindows.exe'. Only 4 of 68 engines flag it, and the names they return (Kryptik, Packed/Katusha, a HEUR generic) are packer and heuristic signatures rather than a named family, so the Run-key persistence, the file location under the user's roaming profile and the hash values below are the indicators to act on.
Scan pugwindows.exe - Powered by Reason Core Security
Publisher:
Cxkyrt Weezb

Product:
Yiqejo Yxubv

Description:
Yiqejo Kyckp Pntpq Xuldcre

Version:
14.1.4595.55761

MD5:
6120c20d85520a5a35a91526b4cabe31

SHA-1:
e01045645085e4530afc6fa2bd278ae2b6b9ea29

SHA-256:
fb8af9c5ac273f29e0b9f776a645241b7ea1e8e03fd1569b731d9d750fe048c1

Scanner detections:
4 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
12/5/2016 3:42:42 AM UTC

Scan engine          Detection                    Engine version
AVG                  Luhe.Fiha.A                  2015.0.3448
CMC Antivirus        Packed.Win32.Katusha.3!O     1.1.0.977
ESET NOD32           Win32/Kryptik.CEAF trojan    7.0.302.0
Qihoo 360 Security   HEUR/Malware.QVM20.Gen       1.0.0.1015

File size:
208 KB (212,992 bytes)

Product version:
14.1.4595.55761

Copyright:
Copyright © Cxkyrt Weezb

Original file name:
Yiqejo.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\microsoft\pugwindows.exe

File PE Metadata
Compilation timestamp:
4/17/2014 12:23:20 AM

Required OS version (PE optional header):
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:tu1p72gmN4QA7e//HPpajus0L3VyrGL4zujk6Ad9Bxbf5X:tu37hQ3Ba6se468L

Entry address:
0x39E9

Entry point:
55, 8B, EC, 83, EC, 18, 57, 56, 53, 33, F6, E8, B4, 0C, 00, 00, EB, 5D, 68, 38, 03, 41, 00, 8B, DD, 03, 1D, FC, F5, 40, 00, 8D, 4D, F4, 89, 19, FF, 75, F4, 8B, 4D, E4, 89, 4D, F0, FF, 75, F0, 8B, 7D, E0, 89, 7D, FC, FF, 75, FC, 8B, 55, DC, 89, 55, E8, FF, 75, E8, 68, F8, F4, 40, 00, 68, 98, 00, 41, 00, 8B, 0D, E8, F7, 40, 00, 89, 0D, 1C, 00, 41, 00, A3, E0, 00, 41, 00, FF, 35, E0, 00, 41, 00, 68, 1C, 00, 41, 00, E8, 7A, 00, 00, 00, EB, 14, 83, 3D, AC, F7, 40, 00, 01, 74, 02, EB, 98, 33, C0, 5B, 5E, 5F, 8B...

Developed / compiled with:
Microsoft Visual C++

Code size:
14 KB (14,336 bytes)
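The hashes, PE header fields and entry-point bytes recorded above are what an analyst verifies on a seized copy before trusting this record. The following Python is an added example, not code from the scan page or from Reason Core Security. It parses the PE32 headers for the fields the page reports (compile timestamp, linker version, required OS version, subsystem, bitness, entry-point RVA and the leading entry bytes, which decode as the MSVC-style prologue push ebp / mov ebp,esp / sub esp,18h / push edi,esi,ebx / xor esi,esi / call rel32 / jmp short), maps the entry RVA to a file offset through the section table, and compares MD5/SHA-1/SHA-256 digests against the page's values. Because the sample itself cannot be shipped with the page, the block builds a constructed minimal PE32 image that reproduces the page's header values so the parser can be exercised offline; its hashes will not match the page's, and the output says so.

```python
"""Verify a suspect PE against the metadata recorded on the scan page (added example)."""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the page.
PAGE_HASHES = {
    "md5": "6120c20d85520a5a35a91526b4cabe31",
    "sha1": "e01045645085e4530afc6fa2bd278ae2b6b9ea29",
    "sha256": "fb8af9c5ac273f29e0b9f776a645241b7ea1e8e03fd1569b731d9d750fe048c1",
}
PAGE_ENTRY_RVA = 0x39E9
# Leading entry bytes from the page: 55 push ebp / 8B EC mov ebp,esp / 83 EC 18 sub esp,18h /
# 57 56 53 push edi,esi,ebx / 33 F6 xor esi,esi / E8 B4 0C 00 00 call rel32 / EB 5D jmp short
PAGE_ENTRY_BYTES = bytes.fromhex("558BEC83EC1857565333F6E8B40C0000EB5D")

SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def parse_pe(data: bytes) -> dict:
    """Return the header fields the page reports, or raise ValueError on a malformed image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                      # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, (symbols), SizeOfOptionalHeader, Characteristics
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                                     # optional header start
    magic, maj_link, min_link = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]           # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)    # required OS version
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Section table follows the optional header; use it to map the entry RVA to a file offset.
    entry_off = None
    for i in range(nsec):
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            entry_off = rawptr + (entry_rva - vaddr)
    if entry_off is None:
        raise ValueError("entry point lies outside every section")    # typical of damaged or tampered files
    return {
        "compiled": datetime.fromtimestamp(tstamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker": f"{maj_link}.{min_link}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "bitness": "Win32" if machine == 0x14C else hex(machine),
        "entry_rva": entry_rva,
        "entry_bytes": bytes(data[entry_off:entry_off + len(PAGE_ENTRY_BYTES)]),
    }


def digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the file contents, keyed like PAGE_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in PAGE_HASHES}


def matching_hashes(data: bytes, iocs: dict = PAGE_HASHES) -> set:
    """Names of the algorithms whose digest of `data` equals the IOC value."""
    return {alg for alg, want in iocs.items() if hashlib.new(alg, data).hexdigest() == want.lower()}


def build_constructed_pe() -> bytes:
    """CONSTRUCTED PE32 image reproducing the page's header values; it is not the sample."""
    img = bytearray(0x400 + 0x3800)                  # headers plus one 14,336-byte code section
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)          # e_lfanew
    pe = 0x80
    img[pe:pe + 4] = b"PE\0\0"
    ts = int(datetime(2014, 4, 17, 0, 23, 20, tzinfo=timezone.utc).timestamp())
    struct.pack_into("<HHIIIHH", img, pe + 4, 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)   # i386, 1 section, EXE
    opt = pe + 24
    struct.pack_into("<HBB", img, opt, 0x10B, 8, 0)                    # PE32, linker 8.0
    struct.pack_into("<I", img, opt + 4, 0x3800)                       # SizeOfCode
    struct.pack_into("<I", img, opt + 16, PAGE_ENTRY_RVA)              # AddressOfEntryPoint
    struct.pack_into("<HH", img, opt + 40, 5, 0)                       # required OS 5.0
    struct.pack_into("<H", img, opt + 68, 2)                           # Windows GUI
    struct.pack_into("<8sIIII", img, opt + 0xE0, b".text\0\0\0", 0x3800, 0x1000, 0x3800, 0x400)
    off = 0x400 + (PAGE_ENTRY_RVA - 0x1000)
    img[off:off + len(PAGE_ENTRY_BYTES)] = PAGE_ENTRY_BYTES
    return bytes(img)


if __name__ == "__main__":
    sample = build_constructed_pe()
    info = parse_pe(sample)
    print(info, "| entry bytes match page:", info["entry_bytes"] == PAGE_ENTRY_BYTES)
    print("hash IOC hits:", matching_hashes(sample) or "none (constructed image, as expected)")
```

Run it against a real file by replacing build_constructed_pe() with the bytes read from disk; a hit in matching_hashes confirms the copy is the file this page describes, while a mismatch with identical header fields is worth noting, since the packer-style detections above suggest a family whose members share a stub but differ per build.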

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
pugwindows.exe

Command:
C:\users\{user}\appdata\roaming\microsoft\pugwindows.exe
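The Run-key entry above is the persistence mechanism an incident responder would hunt for across a fleet. The following Python is an added example, not code from the scan page or from Reason Core Security. On Windows it enumerates HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run with the standard-library winreg module; elsewhere, and in its self-check, it works on a constructed list of (value name, command) pairs, with the page's {user} placeholder filled by a hypothetical account "jdoe". It reports an exact match on the page's value name, any command whose program resolves to a loose executable directly in %APPDATA%\Roaming\Microsoft (the page's common path), and, when asked to read files, a SHA-256 match with the page's hash.

```python
"""Triage HKCU Run entries for the persistence pattern recorded on the scan page (added example)."""
import hashlib
import os
import sys

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
IOC_VALUE_NAME = "pugwindows.exe"                      # Run value name from the page
IOC_SHA256 = "fb8af9c5ac273f29e0b9f776a645241b7ea1e8e03fd1569b731d9d750fe048c1"

# CONSTRUCTED sample of Run values: two ordinary entries plus the page's entry
# with {user} replaced by the hypothetical account "jdoe".
SAMPLE_RUN_VALUES = [
    ("OneDrive", r'"C:\Users\jdoe\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("pugwindows.exe", r"C:\users\jdoe\appdata\roaming\microsoft\pugwindows.exe"),
]


def read_hkcu_run() -> list:
    """Enumerate (name, command) pairs from the live HKCU Run key (Windows only)."""
    import winreg  # imported here so the module still loads on non-Windows hosts
    out = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        i = 0
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, i)
            except OSError:          # raised when no more values remain
                break
            out.append((name, str(value)))
            i += 1
    return out


def executable_path(command: str) -> str:
    """Program path from a Run command: expand %VAR%, honour a quoted path, else first token.
    Unquoted paths containing spaces are ambiguous for CreateProcess too; they are not resolved here."""
    command = os.path.expandvars(command.strip())
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ")[0]


def in_appdata_microsoft_root(path: str) -> bool:
    """True for a .exe sitting directly in ...\\AppData\\Roaming\\Microsoft\\, the page's common path.
    Microsoft's own components under that folder live in named subfolders; a loose EXE there is unusual."""
    parts = [p.lower() for p in path.replace("/", "\\").split("\\") if p]
    return (len(parts) >= 4
            and parts[-4:-1] == ["appdata", "roaming", "microsoft"]
            and parts[-1].endswith(".exe"))


def triage(values, hash_files: bool = False) -> list:
    """Return findings as (value name, resolved path, reason) tuples."""
    findings = []
    for name, command in values:
        path = executable_path(command)
        if name.lower() == IOC_VALUE_NAME:
            findings.append((name, path, "Run value name matches page IOC"))
        if in_appdata_microsoft_root(path):
            findings.append((name, path, "loose executable in %APPDATA%\\Microsoft root"))
        if hash_files and os.path.isfile(path):
            with open(path, "rb") as fh:
                if hashlib.sha256(fh.read()).hexdigest() == IOC_SHA256:
                    findings.append((name, path, "SHA-256 matches page IOC"))
    return findings


if __name__ == "__main__":
    live = sys.platform == "win32"
    values = read_hkcu_run() if live else SAMPLE_RUN_VALUES
    for finding in triage(values, hash_files=live):
        print(finding)
```

The name check catches this exact record; the location check is the one that generalises, since the same pattern (a bare executable dropped into %APPDATA%\Roaming\Microsoft and registered under HKCU\...\Run) does not depend on the file name or the hash of one build. Run it in each user's context, or point the registry read at the loaded HKEY_USERS hives, because HKCU persistence is per-user.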

