unegea.exe

The executable unegea.exe has been detected as malware by 35 anti-virus scanners. It is set to start automatically when a user logs in to Windows, through the current user Run registry key under the display name ‘Unegea’. This worm can steal user names and passwords by monitoring network communication, block websites, and launch a denial of service (DoS) attack.
MD5:
85d00af656bd726ead752fee5856d167

SHA-1:
efe55cb482aa7333af4ad7b96a9a2dd164a124a9

SHA-256:
5951cbb5b2652b6c80007b668e0b052415f0bd4cbcdfe9a889fba1a7373b364a

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
4/25/2024 11:33:46 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1459506
1023

Agnitum Outpost
Backdoor.Ruskill
7.1.1

Avira AntiVirus
Worm/Dorkbot.I.3146
7.11.133.242

avast!
Win32:Crypt-QHZ [Trj]
2014.9-140418

AVG
BackDoor.Generic18
2015.0.3501

Baidu Antivirus
Backdoor.Win32.Ruskill
4.0.3.14418

Bitdefender
Trojan.GenericKD.1459506
1.0.20.540

Bkav FE
W32.DropperDorkbotJ.Trojan
1.3.0.4959

Comodo Security
UnclassifiedMalware
17859

Dr.Web
BackDoor.IRC.NgrBot.42
9.0.1.0108

Emsisoft Anti-Malware
Trojan.GenericKD.1459506
8.14.04.18.03

ESET NOD32
Win32/Dorkbot
8.9482

Fortinet FortiGate
W32/Ruskill.FDHYIWG!tr.bdr
4/18/2014

F-Prot
W32/Trojan2.OCKN
v6.4.7.1.166

F-Secure
Trojan.GenericKD.1459506
11.2014-18-04_6

G Data
Trojan.GenericKD.1459506
14.4.24

IKARUS anti.virus
Worm.Win32.Dorkbot
t3scan.2.2.29

K7 AntiVirus
Trojan
13.176.11292

Kaspersky
Backdoor.Win32.Ruskill
14.0.0.3999

McAfee
RDN/Generic.bfr!fl
5600.7157

Microsoft Security Essentials
Worm:Win32/Dorkbot.I
1.10302

MicroWorld eScan
Trojan.GenericKD.1459506
15.0.0.324

NANO AntiVirus
Trojan.Win32.NgrBot.crjcfs
0.28.0.58101

Norman
Troj_Generic.RQMAL
11.20140418

nProtect
Trojan.GenericKD.1459506
14.02.27.03

Panda Antivirus
Trj/WLT.A
14.04.18.03

Qihoo 360 Security
Win32/Backdoor.b33
1.0.0.1015

Quick Heal
Trojan.Sirefef.A
4.14.12.00

Sophos
Mal/Generic-L
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Dorkbot
10659

Total Defense
Win32/Dorkbot.YX
37.0.10789

Trend Micro House Call
TROJ_SIRFEF.SMAP
7.2.108

Trend Micro
TROJ_FORUCON.BMC
10.465.18

Vba32 AntiVirus
Trojan.TDSS.01414
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Sirefef.nb
26924

File size:
130 KB (133,120 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\identities\unegea.exe

File PE Metadata
Compilation timestamp:
12/4/2013 1:37:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.71

CTPH (ssdeep):
3072:czIddjzMaCu7hG/q2moAoj/yGVTL5NG+5AYxXBVuFJ352:O4G/nmolL1JvX30

Entry address:
0x5706

Entry point:
55, 89, 2C, 24, 8B, 0D, 43, 03, 43, 00, E8, 98, 00, 00, 00, 2B, CA, 03, CD, E8, 53, 00, 00, 00, E8, 9A, 36, 00, 00, 50, 8B, 0D, 0E, 18, 42, 00, BA, D8, 20, 0F, CF, B7, 78, 58, E8, 62, 05, 00, 00, 47, 03, D3, 50, 0F, B6, C9, 8B, F8, E8, 0C, 05, 00, 00, 8B, 35, EE, F5, 41, 00, 58, 33, C9, 8D, 14, 41, 05, 54, 0B, 00, 00, 03, F1, 03, FE, 5F, 5E, BA, 28, 6F, 53, 7C, 5B, 5A, 5D, 8B, 0C, 24, 51, 50, FF, 74, 24, 0C, 5D, C2, 00, 00, 55, 52, 53, 56, 57, 8B, 44, 24, 14, 50, 8B, DD, 8D, 2C, 00, 45, 2B, D8, BB, D0, 03...
 

Entropy:
7.6681

Code size:
32 KB (32,768 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Unegea

Command:
C:\users\{user}\appdata\roaming\identities\unegea.exe

