widows.exe

The executable widows.exe has been detected as malware by 32 anti-virus scanners. It is set to start automatically whenever a user logs into Windows, via an entry in the current-user Run registry key with the display name ‘7584da1be0361f0265b1d3008ee61003’. The file has been seen being downloaded from www.weebly.com.
Publisher:
j

Product:
j

Version:
1.8.0.6

MD5:
d14a2c906d8bc770965875036c7fc25f

SHA-1:
8737a1490eb93b9d07b0b80236a0bb5a87f976bd

SHA-256:
69a4ecafdc2c0e98f5e98a563b1842014ef0ba32bd02d47c8956988faa778bad

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/26/2024 2:05:28 PM UTC

Scanner detections (scan engine: detection, engine version):

Lavasoft Ad-Aware: Trojan.Generic.15054676 (engine version 369)
Agnitum Outpost: Trojan.Inject (engine version 7.1.1)
AhnLab V3 Security: Trojan/Win32.MSIL (engine version 2015.10.02)
Avira AntiVirus: TR/Dropper.MSIL.Gen (engine version 8.3.2.2)
Arcabit: Trojan.Generic.DE5B754 (engine version 1.0.0.568)
avast!: Win32:Malware-gen (engine version 2014.9-160201)
AVG: MSIL9 (engine version 2017.0.2847)
Bitdefender: Trojan.Generic.15054676 (engine version 1.0.20.160)
Bkav FE: W32.BladabindiMsilJ.Trojan (engine version 1.3.0.7237)
Comodo Security: UnclassifiedMalware (engine version 23336)
Dr.Web: Trojan.Starter.2890 (engine version 9.0.1.032)
Emsisoft Anti-Malware: Trojan.Generic.15054676 (engine version 8.16.02.01.07)
ESET NOD32: Generik.BKQOWMS (variant) (engine version 10.12341)
Fortinet FortiGate: W32/Inject.BKQOWMS!tr (engine version 2/1/2016)
F-Secure: Trojan.Generic.15054676 (engine version 11.2016-01-02_2)
G Data: Trojan.Generic.15054676 (engine version 16.2.25)
IKARUS anti.virus: Trojan.Dropper (engine version t3scan.1.9.5.0)
K7 AntiVirus: Trojan (engine version 13.210.17394)
Kaspersky: Trojan.MSIL.Inject (engine version 14.0.0.728)
McAfee: RDN/Generic Dropper (engine version 5600.6503)
Microsoft Security Essentials: Trojan:Win32/Skeeyah.A!bit (engine version 1.1.12101.0)
MicroWorld eScan: Trojan.Generic.15054676 (engine version 17.0.0.96)
NANO AntiVirus: Trojan.Win32.Inject.dxfvzo (engine version 0.30.26.3725)
nProtect: Trojan.GenericKD.2745443 (engine version 15.10.01.01)
Panda Antivirus: Trj/CI.A (engine version 16.02.01.07)
Qihoo 360 Security: HEUR/QVM03.0.Malware.Gen (engine version 1.0.0.1015)
Quick Heal: Trojan.Inject.r3 (engine version 2.16.14.00)
Rising Antivirus: PE:Malware.RDM.35!5.29[F1] (engine version 23.00.65.16130)
Sophos: Mal/Generic-S (engine version 4.98)
Trend Micro: TROJ_GEN.R00XC0VIO15 (engine version 10.465.01)
VIPRE Antivirus: Trojan.Win32.Generic (engine version 44202)
Zillya! Antivirus: Trojan.Inject.Win32.179220 (engine version 2.0.0.2424)

File size:
632.5 KB (647,680 bytes)

Product version:
1.8.0.6

Copyright:
Copyright © j 2013

Original file name:
Patch.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\widows.exe

File PE Metadata
Compilation timestamp:
9/19/2015 4:20:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:Eh09P7WK6i28n9Nf4BbrAS2RVmSkFC8B:Eh0l52qfQBb8S20SkH

Entry address:
0x44D9E

Entry point:
FF, 25, 00, 20, 40, 00, 42, 75, 69, 6C, 74, 20, 75, 73, 69, 6E, 67, 20, 61, 6E, 20, 65, 76, 61, 6C, 75, 61, 74, 69, 6F, 6E, 20, 76, 65, 72, 73, 69, 6F, 6E, 20, 6F, 66, 20, 39, 52, 61, 79, 73, 2E, 4E, 65, 74, 20, 53, 70, 69, 63, 65, 73, 2E, 4F, 62, 66, 75, 73, 63, 61, 74, 6F, 72, 2E, 20, 54, 68, 69, 73, 20, 73, 6F, 66, 74, 77, 61, 72, 65, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 64, 69, 73, 74, 72, 69, 62, 75, 74, 65, 64, 2E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.6021

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
268 KB (274,432 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
7584da1be0361f0265b1d3008ee61003

Command:
"C:\users\{user}\appdata\local\temp\widows.exe"..

The file widows.exe has been seen being distributed by the following URL.

Powered by Reason Core Security