vk_message.exe

The executable vk_message.exe has been detected as malware by 34 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from fileshare1090.dfiles.ru.

MD5: ee70be9387291371639e6c999d912afb
SHA-1: b1d7a318a11d7db90ce4829f5172a26b83acb0a8
SHA-256: 3bfaf9b3309f37a2f40f86e884303ce13bee0f2ba8fe48a85589114eb16bc3cc
Scanner detections: 34 / 68
Status: Malware
Analysis date: 5/1/2024 1:24:33 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.4596107 | 339 |
| Agnitum Outpost | Trojan.VkHost | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Vkhost.700416 | 2015.03.07 |
| Avira AntiVirus | TR/VKHost.ari | 7.11.214.140 |
| avast! | Win32:Malware-gen | 2014.9-160301 |
| AVG | Generic18 | 2017.0.2817 |
| Baidu Antivirus | Trojan.Win32.VkHost | 4.0.3.1631 |
| Bitdefender | Trojan.Generic.4596107 | 1.0.20.305 |
| Clam AntiVirus | Win.Trojan.Vkhost-286 | 0.98/21511 |
| Comodo Security | Heur.Suspicious | 21321 |
| Dr.Web | Trojan.Hosts.607 | 9.0.1.061 |
| Emsisoft Anti-Malware | Trojan.Generic.4596107 | 8.16.03.01.12 |
| ESET NOD32 | Win32/Qhost.PAM | 10.11282 |
| Fortinet FortiGate | W32/VkHost.ARI!tr | 3/1/2016 |
| F-Prot | W32/MalwareF.ILUT | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.4596107 | 11.2016-01-03_3 |
| G Data | Trojan.Generic.4596107 | 16.3.25 |
| IKARUS anti.virus | Trojan.Win32.VkHost | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.200.15187 |
| Kaspersky | Trojan.Win32.VkHost | 14.0.0.582 |
| McAfee | Artemis!EE70BE938729 | 5600.6473 |
| Microsoft Security Essentials | Trojan:Win32/Comame!gmb | 1.1.11400.0 |
| MicroWorld eScan | Trojan.Generic.4596107 | 17.0.0.183 |
| NANO AntiVirus | Trojan.Win32.VkHost.cszhfa | 0.30.0.296 |
| Norman | Suspicious_Gen2.CCTWK | 11.20160301 |
| nProtect | Trojan/W32.VkHost.700416 | 15.03.06.01 |
| Panda Antivirus | Trj/CI.A | 16.03.01.12 |
| Qihoo 360 Security | Win32/Trojan.9f4 | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1233C69B!305383067 | 23.00.65.16228 |
| Sophos | Mal/Generic-L | 4.98 |
| Vba32 AntiVirus | Trojan.VkHost | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38196 |
| ViRobot | Trojan.Win32.A.VkHost.700416[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.VkHost.Win32.1397 | 2.0.0.2090 |

File size: 684 KB (700,416 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\vk_message.exe

File PE Metadata

Compilation timestamp: 6/20/1992 1:22:17 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 12288:DvQM+ru2pfUUw3yu40rMnbPeEOYbel1g4SRki:cbrXfU73yMwynz94
Entry address: 0x65BB8
Entry point: 55, 8B, EC, 83, C4, F0, B8, C8, 59, 46, 00, E8, 6C, 00, FA, FF, A1, 50, 79, 46, 00, 8B, 00, E8, EC, B0, FE, FF, 8B, 0D, 38, 7A, 46, 00, A1, 50, 79, 46, 00, 8B, 00, 8B, 15, 9C, 56, 46, 00, E8, EC, B0, FE, FF, A1, 50, 79, 46, 00, 8B, 00, E8, 60, B1, FE, FF, E8, 5F, E1, F9, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, 13, 8B, C0, 02, 00, 8B, C0, 00, 8D, 40, 00, 00, 8D, 40, 00, 00, 8D, 40, 00, 00, 00, 00, 00...
Developed / compiled with: Microsoft Visual C++
Code size: 403 KB (412,672 bytes)

The file vk_message.exe has been seen being distributed by the following URL.
