sielu_mh.exe

The executable sielu_mh.exe has been detected as malware by 9 anti-virus scanners. The file is a setup program used to install the application. It is a trojan bot that uses IRC to communicate with a command and control network. The trojan drops other malicious software, opens a backdoor on the infected computer and runs automatically on each boot. The file has been seen being downloaded from przeklej.org. Note that most of the 9 detections listed below are generic packer and crypter signatures (ESET identifies the Themida packer); only the VIPRE detection names the payload as an IRC bot.
MD5:
507e5a060a0ee5d506041ae61cb0ec50

SHA-1:
4c67347356a61c8a44c4a128e7704c728ec96196

Scanner detections:
9 / 68

Status:
Malware

Explanation:
Part of a backdoor IRC bot network.

Analysis date:
5/21/2024 8:49:45 AM UTC

Scan engine               Detection                                    Engine version
Avira AntiVirus           TR/Crypt.TPM.Gen                             8.3.2.4
Bkav FE                   W32.HfsAutoB                                 1.3.0.7400
ESET NOD32                Win32/Packed.Themida suspicious (variant)    10.12901
Malwarebytes              Trojan.MalPack                               v2016.01.22.06
Qihoo 360 Security        HEUR/QVM19.1.Malware.Gen                     1.0.0.1077
Sophos                    Mal/EncPk-DW                                 4.98
Trend Micro House Call    PAK_Crypt                                    7.2.22
Trend Micro               PAK_Crypt                                    10.465.22
VIPRE Antivirus           Backdoor.Win32.Ircbot.gen                    46650

File size:
1.2 MB (1,226,752 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\pc\pulpit\tanrical\malygos oficjalny klient 2015-12-12\malygos oficjalny klient\sielu_mh.exe

File PE Metadata
Compilation timestamp:
1/18/2016 8:08:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:9Sq8f8pLilBtK51tvkAlhQkSEZLarHVJyKFCoIFurjNH+dh:gsLilBtG1tdzDLuDyOTYL

Entry address:
0x32D000

Entry point:
56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, A0, 12, 00, 2D, 00, 82, 0C, 10, 05, F7, 81, 0C, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 22, E9, 2A, 43, 68, 17, AC, CD, 3F, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 6A, EA, 50, 47, EA, F2, 63, 40, DA, E8, 00, C2, 9A, A0, 93, F0...

Code size:
4.5 KB (4,608 bytes)
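The PE metadata above (a 4.5 KB code section inside a 1.2 MB file, an entry point whose first bytes are push esi / push eax / push ebx / call $+6 / int3 / pop eax, and a Themida packer detection) is the pattern a triage script should flag before any unpacking is attempted. The following is an added example, not code from this page or from Reason Core Security: it hashes a file, reads the PE32 fields listed above without depending on pefile, finds the section that owns the entry point, scores that section's entropy, and matches the entry bytes against the self-locating stub prefix taken from the bytes listed above. Because the real sample is not reproduced here, the script builds a small constructed PE image with a low-entropy .text section and a high-entropy section (named .pack here, an assumption) that carries the page's entry bytes; the 7.0 entropy threshold and the 1 percent code-size ratio are assumed triage heuristics, not values from the page.

```python
import hashlib
import math
import random
import struct
from collections import Counter
from datetime import datetime, timezone

# First 32 entry-point bytes as listed on the page.
ENTRY_BYTES = bytes.fromhex(
    "565053E801000000CC5889C3402D00A012002D00820C1005F7810C10803BCC75")
# push esi / push eax / push ebx / call $+6 / int3 / pop eax: the call lands
# just past the int3, and the pop recovers the stub's own address (get-EIP trick).
STUB_PREFIX = bytes.fromhex("565053E801000000CC58")

SUBSYSTEMS = {2: "Windows GUI", 3: "Windows Console"}
SCN_CODE, SCN_EXEC, SCN_WRITE = 0x00000020, 0x20000000, 0x80000000
OPT_FMT = "<HBB9I6H4IHH6I"   # PE32 optional header, fixed part (96 bytes)
SEC_FMT = "<8sIIIIIIHHI"     # IMAGE_SECTION_HEADER (40 bytes)


def shannon_entropy(buf):
    """Bits per byte: near 8.0 for packed/encrypted data, low for plain code."""
    n = len(buf)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data):
    """Minimal PE32 header reader returning the fields the listing above reports."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    _, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = struct.unpack_from(OPT_FMT, data, pe + 24)
    if opt[0] != 0x10B:
        raise ValueError("only PE32 handled here")
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, rptr, _, _, _, _, flags = struct.unpack_from(
            SEC_FMT, data, pe + 24 + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va,
                         "vsize": vsize, "raw_ptr": rptr, "raw_size": rsize, "flags": flags,
                         "entropy": shannon_entropy(data[rptr:rptr + rsize])})
    return {"timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
            "linker": (opt[1], opt[2]), "size_of_code": opt[3], "entry_rva": opt[6],
            "image_base": opt[9], "os_version": (opt[12], opt[13]),
            "subsystem": opt[22], "sections": sections}


def section_for_rva(sections, rva):
    """Map an RVA to (section, file offset); packers often put the entry in a late section."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s, s["raw_ptr"] + (rva - s["va"])
    raise ValueError("RVA not backed by any section")


def triage(data):
    info = parse_pe(data)
    sec, off = section_for_rva(info["sections"], info["entry_rva"])
    entry_bytes = data[off:off + 16]
    first_code = next((s for s in info["sections"] if s["flags"] & SCN_CODE), None)
    indicators = []
    if first_code and sec is not first_code:
        indicators.append("entry point outside first code section %s" % first_code["name"])
    if sec["entropy"] > 7.0:                        # assumed threshold
        indicators.append("entry section entropy %.2f (packed/encrypted)" % sec["entropy"])
    if sec["flags"] & SCN_WRITE and sec["flags"] & SCN_EXEC:
        indicators.append("entry section is writable and executable")
    if entry_bytes.startswith(STUB_PREFIX):
        indicators.append("self-locating call/pop stub at entry point")
    if info["size_of_code"] < len(data) // 100:     # assumed heuristic
        indicators.append("declared code size is under 1 percent of the file")
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
            "size": len(data), "timestamp": info["timestamp"], "linker": "%d.%d" % info["linker"],
            "subsystem": SUBSYSTEMS.get(info["subsystem"], str(info["subsystem"])),
            "entry_rva": info["entry_rva"], "entry_section": sec["name"],
            "entry_entropy": sec["entropy"], "entry_bytes": entry_bytes,
            "stub_match": entry_bytes.startswith(STUB_PREFIX), "indicators": indicators}


def build_sample_pe():
    """Constructed demo image (not sielu_mh.exe): plain .text plus a packed .pack section."""
    text = b"\xC3" + b"\x00" * 0x1FF                       # ret + zero padding, low entropy
    rng = random.Random(0x5EED)                            # deterministic high-entropy filler
    pack = ENTRY_BYTES + bytes(rng.getrandbits(8) for _ in range(0x1000 - len(ENTRY_BYTES)))
    ts = int(datetime(2016, 1, 18, 20, 8, 34, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, ts, 0, 0, 224, 0x0102)
    opt = struct.pack(OPT_FMT, 0x10B, 9, 0,                # PE32, linker 9.0
                      len(text), len(pack), 0, 0x2000, 0x1000, 0x2000, 0x400000, 0x1000, 0x200,
                      5, 0, 0, 0, 5, 0, 0, 0x3000, 0x200, 0, 3, 0,   # OS 5.0, console subsystem
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\x00" * 128
    sec = struct.pack(SEC_FMT, b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    sec += struct.pack(SEC_FMT, b".pack", 0x1000, 0x2000, 0x1000, 0x400, 0, 0, 0, 0, 0xE0000020)
    headers = dos + b"PE\0\0" + coff + opt + sec
    return headers + b"\x00" * (0x200 - len(headers)) + text + pack


if __name__ == "__main__":
    for k, v in triage(build_sample_pe()).items():
        print("%-14s %s" % (k, v.hex() if isinstance(v, bytes) else v))
```

Run it as-is to see the report on the constructed image, or replace build_sample_pe() with open(path, "rb").read() to triage a real file. Hashes alone only tell you whether you hold this exact sample; the indicators are what tell you that static string or import analysis will be worthless until the Themida layer is removed in a sandbox.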

The file sielu_mh.exe has been seen being distributed from przeklej.org, as noted above.

Remove sielu_mh.exe - Powered by Reason Core Security