score.exe

The executable score.exe has been detected as malware by 28 anti-virus scanners. It runs as a Windows service named “scores”, hosted in its own process. While running, it connects to beta.on-sys.net on port 80 over HTTP.

Version:
1.0.0.0

MD5:
353a2a82c174560b158651f1d5b1aed1

SHA-1:
b125c20a2dbcfd9d6222d6c53ddfdd4f44e280d6

SHA-256:
d9e3be6df177bee4b511ecab169952e7932743bef3a18f2b53e35e9d7be9bb95

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/23/2024 1:28:17 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11989936 | 805 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| Avira AntiVirus | TR/Rogue.11989936.1 | 7.11.182.186 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-141121 |
| AVG | Agent5 | 2015.0.3283 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.141121 |
| Bitdefender | Trojan.Generic.11989936 | 1.0.20.1625 |
| Emsisoft Anti-Malware | Trojan.Generic.11989936 | 8.14.11.21.09 |
| ESET NOD32 | Win32/Agent.WGA (variant) | 8.10656 |
| Fortinet FortiGate | W32/Agentb.BHBE!tr | 11/21/2014 |
| F-Secure | Trojan.Generic.11989936 | 11.2014-21-11_6 |
| G Data | Trojan.Generic.11989936 | 14.11.24 |
| IKARUS anti.virus | Trojan.Agent5 | t3scan.1.8.3.0 |
| K7 AntiVirus | Trojan | 13.185.13866 |
| Kaspersky | Trojan.Win32.Agentb | 14.0.0.2910 |
| Malwarebytes | Trojan.ZBAgent.NS | v2014.11.21.09 |
| McAfee | Artemis!353A2A82C174 | 5600.6939 |
| MicroWorld eScan | Trojan.Generic.11989936 | 15.0.0.975 |
| NANO AntiVirus | Trojan.Win32.Agentb.dgznff | 0.28.6.62995 |
| Norman | Suspicious_Gen4.HDOFH | 11.20141121 |
| nProtect | Trojan.Generic.11989936 | 14.10.31.01 |
| Qihoo 360 Security | Win32/Trojan.065 | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.11.21.21 |
| Sophos | Mal/Generic-S | 4.98 |
| Total Defense | Win32/Tnega.TPOZWTC | 37.0.11258 |
| Vba32 AntiVirus | Trojan.Agentb | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 34448 |
| Zillya! Antivirus | Trojan.Agentb.Win32.5903 | 2.0.0.1974 |

File size:
4.6 MB (4,834,816 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\score.exe

File PE Metadata
Compilation timestamp:
10/17/2014 7:05:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
98304:pB3kg7BXUPDg+w9DdiolSboN4qEewRP3vs:7yHsddSbQqRPk

Entry address:
0x2274

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, AC, E0, 74, 00, A1, 9F, E0, 74, 00, C1, E0, 02, A3, A3, E0, 74, 00, 52, 6A, 00, E8, C5, A1, 34, 00, 8B, D0, E8, 1A, 68, 32, 00, 5A, E8, 3C, 67, 32, 00, E8, 6B, 69, 32, 00, 6A, 00, E8, 5C, 2D, 33, 00, 59, 68, 48, E0, 74, 00, 6A, 00, E8, 9F, A1, 34, 00, A3, A7, E0, 74, 00, 6A, 00, E9, 57, 1B, 33, 00, E9, 8E, 2D, 33, 00, 33, C0, A0, 91, E0, 74, 00, C3, A1, A7, E0, 74, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, F0, 00, 00, 00, 0B, C9...
 

Entropy:
6.6993

Code size:
3.3 MB (3,461,120 bytes)

Service
Display name:
scores

Type:
Win32OwnProcess


The file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to beta.on-sys.net (195.22.28.210:80)
