vuze.exe

Installer

Advertiso

The executable vuze.exe has been detected as malware by 14 anti-virus scanners. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Advertiso

Product:
Installer

Version:
1.0.0.1

MD5:
3ee0b65fa537ac04191d2c8f0f08e81a

SHA-1:
9a7d96cde44934b410cfd745ec593749cfac8b74

SHA-256:
59cc26a0154949f3ae664fca4e130ea9a8f9ac1fdcc632e68962167aa7903181

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
4/19/2024 10:06:40 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Graftor.151493 | 775
Agnitum Outpost | Trojan.DR.Agent | 7.1.1
Avira AntiVirus | TR/Graftor.151493.21 | 7.11.169.82
avast! | Win32:Malware-gen | 2014.9-141221
Bitdefender | Gen:Variant.Graftor.151493 | 1.0.20.1775
Emsisoft Anti-Malware | Gen:Variant.Graftor.151493 | 8.14.12.21.10
F-Secure | Gen:Variant.Graftor.151493 | 11.2014-21-12_1
G Data | Gen:Variant.Graftor.151493 | 14.12.24
McAfee | Artemis!3EE0B65FA537 | 5600.6909
MicroWorld eScan | Gen:Variant.Graftor.151493 | 15.0.0.1065
NANO AntiVirus | Trojan.Win32.Agent.ddhtxs | 0.28.2.61861
Reason Heuristics | Threat.Win.Reputation.IMP | 14.12.21.22
Trend Micro House Call | TROJ_GEN.R0E3H09HM14 | 7.2.355
Vba32 AntiVirus | TrojanDropper.Agent | 3.12.26.3

File size:
4.6 MB (4,815,360 bytes)

Product version:
1.0.0.1

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\super important downloads\vuze.exe

File PE Metadata

Compilation timestamp:
7/19/2014 6:35:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:+mp6wcCuEctakxM31CX2YcFXMEgniXKKP1ZMj9ghi1RebMo89ub0bVEK:3cCuika88MiXKKP1ZMjDo89ub0bV

Entry address:
0x18C97C

Entry point:
E8, E1, A2, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 30, 36, 63, 00, 75, 02, F3, C3, E9, C8, 38, 00, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 69, 00, 00, 00, C7, 06, C0, 4E, 5F, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 0D, 00, 00, 00, C7, 06, C0, 4E, 5F, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, A0, 4E, 5F, 00, C6, 46, 08, 00, FF, 30, E8, A8, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, A0, 4E, 5F...

Entropy:
6.8326

Code size:
1.8 MB (1,864,192 bytes)

When executed, this file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com (173.192.190.227:443)
