roqsyfifqitj.exe

The executable roqsyfifqitj.exe has been detected as malware by 21 of 68 anti-virus scanners. The detection names are split between Zbot/Zeus credential-stealer signatures (Win32:Zbot-TMI, Trojan.PWS.Panda), Cutwail signatures (W32/Cutwail.CRP!tr, Trojan.Win32.Cutwail) and generic injector/packer signatures (Win32/Injector, VirTool:Win32/CeeInject), which is typical of a packed sample. It persists by adding a value named 'roqsyfifqitj' to the current user's Run key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), so it is launched every time that user logs into Windows; the binary itself sits in the root of the user profile (C:\users\monia\) rather than in a program directory. While running, it connects over HTTP to host.12.Static.shakeyspizza.ph (122.55.79.88) on TCP port 80.
MD5:
170dab446494d7f7694b5182c9d3a75e

SHA-1:
cd72654fd5a733e5a499eaaa98de483a9a3d02e1

SHA-256:
1ad5e2185151dfdcc0bbf60f7badc993280d22070f00b000587ce1455b43cc37

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
4/24/2014 11:58:46 PM UTC

Scan engine                      Detection                          Engine version
Lavasoft Ad-Aware                Trojan.GenericKD.1647015           1017
Avira AntiVirus                  TR/Wigon.A.20                      7.11.144.142
avast!                           Win32:Zbot-TMI [Trj]               2014.9-140424
AVG                              Zbot                               2015.0.3495
Baidu Antivirus                  Trojan.Win32.Injector              4.0.3.14424
Bitdefender                      Trojan.GenericKD.1647015           1.0.20.570
Dr.Web                           Trojan.PWS.Panda.5676              9.0.1.0114
Emsisoft Anti-Malware            Trojan.GenericKD.1647015           8.14.04.24.05
ESET NOD32                       Win32/Injector.BCFA (variant)      8.9701
Fortinet FortiGate               W32/Cutwail.CRP!tr                 4/24/2014
F-Secure                         Trojan.GenericKD.1647015           11.2014-24-04_5
G Data                           Trojan.GenericKD.1647015           14.4.24
IKARUS anti.virus                Virus.Win32.CeeInject              t3scan.1.6.1.0
Kaspersky                        Trojan.Win32.Cutwail               14.0.0.3969
McAfee                           RDN/Ransom!ee                      5600.7151
Microsoft Security Essentials    VirTool:Win32/CeeInject.gen!KK     1.10502
MicroWorld eScan                 Trojan.GenericKD.1647015           15.0.0.342
nProtect                         Trojan.GenericKD.1647015           14.04.20.01
Sophos                           Mal/Generic-S                      4.98
Trend Micro House Call           TROJ_GEN.F47V0418                  7.2.114
Trend Micro                      PAK_Generic.001                    10.465.24

File size:
112 KB (114,688 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\monia\roqsyfifqitj.exe

File PE Metadata
Compilation timestamp:
4/6/2014 6:34:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
1536:kQvDFNo8KZzrRNIK4G5ehsXb70ixw0S4mJx3mPlBcCX/PiQnIvvWimyPjBzV7kRF:kiGx9ehu70ixwB0DhvaXvvWih9exy433

Entry address:
0x1D22

Entry point:
55, 8B, EC, 6A, FF, E9, 6F, 01, 00, 00, 68, 46, 35, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, E8, 1A, F3, FF, FF, 90, 59, 83, 0D, 58, 64, 40, 00, FF, 83, 0D, 5C, 64, 40, 00, FF, E8, A5, 03, 00, 00, 90, 8B, 0D, 4C, 64, 40, 00, 89, 08, E8, 17, 08, 00, 00, 90, 8B, 0D, 48, 64, 40, 00, 89, 08, A1, 58, 42, 40, 00, 8B, 00, A3, 54, 64, 40, 00, E8, C6, 09, 00, 00, 39, 1D, E0, 60, 40, 00, 75, 0C, 68, 26, 11, 40, 00, 90, 90...

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
roqsyfifqitj

Command:
C:\users\monia\roqsyfifqitj.exe

Network Communication
The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to host.12.Static.shakeyspizza.ph  (122.55.79.88:80)
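To make the indicators on this page usable during an investigation, here is an added Python example (written for this page; it is not Reason Core Security's code). It matches file digests and Run-key entries against the hashes, value name and profile-root path listed above, and filters proxy/DNS log lines for the C2 host and IP. The hashes, host, IP, Run value name and file size are copied from the report; the (key, name, command) tuple format for Run entries, the profile-root path heuristic and the sample log lines are constructed assumptions.

```python
"""Triage helpers for the indicators in this report (added example, not
Reason Core Security's code). Hashes, host, IP, Run-key name and file size
are copied from the report; input formats and heuristics are assumptions."""
import hashlib
import re

IOC_HASHES = {
    "md5": "170dab446494d7f7694b5182c9d3a75e",
    "sha1": "cd72654fd5a733e5a499eaaa98de483a9a3d02e1",
    "sha256": "1ad5e2185151dfdcc0bbf60f7badc993280d22070f00b000587ce1455b43cc37",
}
IOC_HOST = "host.12.static.shakeyspizza.ph"   # compared case-insensitively
IOC_IP = "122.55.79.88"
IOC_RUN_NAME = "roqsyfifqitj"
IOC_FILE_SIZE = 114688

# Executable living directly in a user-profile root, as in the report's
# common path C:\users\monia\roqsyfifqitj.exe (assumed heuristic).
PROFILE_ROOT_EXE = re.compile(r'^"?[a-z]:\\users\\[^\\]+\\[^\\]+\.exe"?$', re.I)


def digests(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a file's bytes, lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def lookup_digest(hexdigest: str):
    """Return the algorithm name if a digest (e.g. from an EDR export) equals
    one of the report's hashes, else None."""
    h = hexdigest.strip().lower()
    for alg, known in IOC_HASHES.items():
        if h == known:
            return alg
    return None


def is_known_sample(data: bytes) -> bool:
    """Cheap size check first, then the digests."""
    if len(data) != IOC_FILE_SIZE:
        return False
    return any(v == IOC_HASHES[k] for k, v in digests(data).items())


def triage_run_entries(entries):
    """entries: (key, value_name, command) tuples, e.g. parsed from
    `reg query HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run`.
    Returns the entries worth a closer look, with the reasons."""
    findings = []
    for key, name, command in entries:
        reasons = []
        if name.lower() == IOC_RUN_NAME:
            reasons.append("value name matches report")
        if PROFILE_ROOT_EXE.match(command.strip()):
            reasons.append("executable in user-profile root")
        if reasons:
            findings.append((key, name, command, reasons))
    return findings


def scan_network_log(lines):
    """Lines (proxy, DNS or firewall logs) that mention the C2 host or IP."""
    return [ln for ln in lines if IOC_HOST in ln.lower() or IOC_IP in ln]


if __name__ == "__main__":
    # Constructed sample data, not taken from a real host.
    run_entries = [
        (r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "roqsyfifqitj",
         r"C:\users\monia\roqsyfifqitj.exe"),
        (r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
         r'"C:\Users\monia\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ]
    log_lines = [
        "2014-04-24 23:58:01 10.0.0.7 GET http://host.12.Static.shakeyspizza.ph/ 200",
        "2014-04-24 23:58:02 dns A host.12.static.shakeyspizza.ph -> 122.55.79.88",
        "2014-04-24 23:58:03 10.0.0.7 GET http://www.example.com/ 200",
    ]
    for finding in triage_run_entries(run_entries):
        print("Run entry:", finding)
    for ln in scan_network_log(log_lines):
        print("Network hit:", ln)
    print("digest lookup:", lookup_digest("170DAB446494D7F7694B5182C9D3A75E"))
```

On a live host the Run entries would come from `reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` or Autoruns. Matching on the value name alone is weak, because a name like 'roqsyfifqitj' is random per infection; the hash match and the profile-root path are the checks that generalise to other samples of the same family.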

Remove roqsyfifqitj.exe - Powered by Reason Core Security