toxicles.exe

It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name 'Himcospaz'.
MD5:
7b3b17b04c95143f2ba70e04da9c3fd0

SHA-1:
41d19d8fa7cb6fe8ffb1a70253e5bfaae1550178

SHA-256:
db24a9ff7c79e122de1d1199b659bc1a51b2ea56f9f9cfe3dacf579c05559d8a

Scanner detections:
8 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
5/11/2024 2:57:00 AM UTC

Scan engine              Detection                                   Engine version
Baidu Antivirus          Hacktool.Win32.Packed.Themida               4.0.3.15522
Bkav FE                  W32.HfsAutoB                                1.3.0.6379
Comodo Security          TrojWare.Win32.Agent.COC                    22094
ESET NOD32               Win32/Packed.Themida suspicious (variant)   9.11615
K7 AntiVirus             Trojan                                      13.203.15889
Qihoo 360 Security       HEUR/QVM19.1.Malware.Gen                    1.0.0.1015
Sophos                   Generic PUA EB                              4.98
Trend Micro House Call   Suspicious_GEN.F47V0505                     7.2.142

File size:
4.3 MB (4,496,896 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\toxicles.exe

File PE Metadata
Compilation timestamp:
5/4/2015 4:27:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:WiQguJCpTOR/wB8LoLNXHaLUYRgij9BdxRy0+hFTsQRWTUsOLI:ASOR4QoL9BiJ/yNTHETbb

Entry address:
0x7EF000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 60, 22, 00, 2D, 1C, 8A, 09, 10, 05, 11, 8A, 09, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 23, FB, 4E, 00, 68, 11, 3D, 92, 2F, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, E1, FE, 85, FE, 4B, 9A, 0E, 17, 66, 92, 80, 63, 22, 6B...

Code size:
1.7 MB (1,807,872 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Himcospaz

Command:
C:\users\{user}\appdata\local\toxicles.exe


Scan toxicles.exe - Powered by Reason Core Security