snapchat.exe

A9KE

The executable snapchat.exe has been detected as malware by 8 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup. While running, it connects to the Internet address upload.ee on port 443.
Product:
A9KE

Version:
1.0.0.0

MD5:
1dcb397f78ce503ed1520a5dec93f2b4

SHA-1:
8ac7b8ab8991448a21965b5272b3987a88cafbdc

SHA-256:
fabcdda04e218fa42105e19d5b48d9115551722e63bb8ab993f867555f8ffd79

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
4/26/2024 12:58:39 PM UTC

Scan engine          Detection                                   Engine version
AVG                  Downloader.MSIL                             2018.0.2507
Dr.Web               Trojan.DownLoader22.27453                   9.0.1.05
ESET NOD32           MSIL/TrojanDownloader.Agent.BLM (variant)   11.14719
Fortinet FortiGate   MSIL/Agent.BOH!tr.dldr                      1/5/2017
IKARUS anti.virus    Trojan-Dropper                              0.1.3.4
Kaspersky            HEUR:Trojan.MSIL.Tpyn                       14.0.0.-968
Panda Antivirus      Trj/GdSda.A                                 17.01.05.02
Qihoo 360 Security   HEUR/QVM03.0.0000.Malware.Gen               1.0.0.1120

File size:
29 KB (29,696 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2017

Original file name:
A9KE.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\compressed\snapchat\snapchat.exe

File PE Metadata
Compilation timestamp:
1/5/2017 4:29:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x5B7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.8937

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
15 KB (15,360 bytes)

While executing, the file has been observed making the following network communication in live environments.

TCP (HTTP SSL):
Connects to upload.ee (37.187.167.53:443)

Remove snapchat.exe - Powered by Reason Core Security