» sudbyzquxqus.exe
Overview
Analysis
File Details
Behaviors (1)
Network (2)

sudbyzquxqus.exe

The executable sudbyzquxqus.exe has been detected as malware by 40 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘sudbyzquxqus’. While running, it connects to the Internet address portaldyn-pool1-nc3.isp.belgacom.be on port 25.

File name:

sudbyzquxqus.exe

MD5:

e72ddb456513b8c800eeab0c00e1750f

SHA-1:

684f0f5d15370385a9f2a754b6bd72eef8a1d14a

SHA-256:

607a516dd2c132671a46de822f31edd746d389cdfd95aedc5d3cbf173998f1ce

Scanner detections:

40 / 68

Status:

Malware

Analysis date:

4/19/2024 2:09:40 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.KDV.763665

360

AegisLab AV Signature

Backdoor.W32.Pushdo.ih!c

2.1.4+

Agnitum Outpost

Trojan.Wigon

7.1.1

AhnLab V3 Security

Win-Trojan/Cutwail.53248

2016.01.30

Avira AntiVirus

TR/Dldr.Cutwail.BS.45

8.3.2.4

Arcabit

Trojan.Generic.KDV.DBA711

1.0.0.646

avast!

Win32:Dropper-gen [Drp]

2014.9-160210

AVG

BackDoor.Generic15

2017.0.2838

Baidu Antivirus

Trojan.Win32.Wigon

4.0.3.16210

Bitdefender

Trojan.Generic.KDV.763665

1.0.20.205

Bkav FE

W32.WinsvcLR.Trojan

1.3.0.7400

Comodo Security

Heur.Suspicious

24039

Dr.Web

Trojan.DownLoader6.62576

9.0.1.041

Emsisoft Anti-Malware

Trojan.Generic.KDV.763665

8.16.02.10.03

ESET NOD32

Win32/Wigon.PB

10.12948

Fortinet FortiGate

W32/Pushdo.IH!tr.bdr

2/10/2016

F-Prot

W32/Downldr2.IYVD

v6.4.7.1.166

F-Secure

Trojan.Generic.KDV.763665

11.2016-10-02_4

G Data

Trojan.Generic.KDV.763665

16.2.25

IKARUS anti.virus

Backdoor.Win32.Pushdo

t3scan.2.0.4.0

K7 AntiVirus

Trojan

13.213.18582

Kaspersky

Backdoor.Win32.Pushdo

14.0.0.684

Malwarebytes

Trojan.Cutwail

v2016.02.10.03

McAfee

Generic.nk

5600.6494

Microsoft Security Essentials

TrojanDownloader:Win32/Cutwail.BS

1.1.12400.0

MicroWorld eScan

Trojan.Generic.KDV.763665

17.0.0.123

NANO AntiVirus

Trojan.Win32.DownLoader6.zvycm

1.0.14.5798

nProtect

Trojan/W32.Agent.53248.DIZ

16.01.29.01

Panda Antivirus

Trj/Agent.MIZ

16.02.10.03

Qihoo 360 Security

HEUR/Malware.QVM07.Gen

1.0.0.1077

Quick Heal

Trojan.Pushdo.rw3

2.16.14.00

Rising Antivirus

PE:Malware.Generic/QRS!1.9E2D [F]

23.00.65.16208

Sophos

Mal/Generic-L

4.98

Total Defense

Win32/Cutwail.BVI

37.1.62.1

Trend Micro House Call

TROJ_SPNR.14JO12

7.2.41

Trend Micro

TROJ_SPNR.14JO12

10.465.10

Vba32 AntiVirus

Malware-Cryptor.Wagon

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

46838

ViRobot

Backdoor.Win32.A.Pushdo.53248[h]

2014.3.20.0

Zillya! Antivirus

Backdoor.Pushdo.Win32.87

2.0.0.2638

File size:

52 KB (53,248 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\user\sudbyzquxqus.exe

File PE Metadata

Compilation timestamp:

2/9/2008 1:11:48 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:NqA5ufEL84Wd/sxCZuhY5//BrpUnNNyOoI7:N8fEL848/sERnSvyOo

Entry address:

0x82D3

Entry point:

55, 8B, EC, 6A, FF, 68, 28, C1, 00, 04, 68, B4, 91, 00, 04, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 80, C0, 00, 04, 33, D2, 8A, D4, 89, 15, 64, E6, 00, 04, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 60, E6, 00, 04, C1, E1, 08, 03, CA, 89, 0D, 5C, E6, 00, 04, C1, E8, 10, A3, 58, E6, 00, 04, 33, F6, 56, E8, 4D, 0D, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, C0, 04, 00, 00, FF, 15, 7C, C0, 00, 04, A3, 78, FB, 00, 04, E8... 
[+]

Entropy:

7.3402

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

42 KB (43,008 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

sudbyzquxqus

Command:

C:\users\user\sudbyzquxqus.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.worldnet.co.nz (202.169.192.35:80)

TCP (SMTP):

Connects to portaldyn-pool1-nc3.isp.belgacom.be (195.238.25.201:25)

Remove sudbyzquxqus.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.