winkun.exe

The executable winkun.exe has been detected as malware by 29 anti-virus scanners. While running, it connects to the Internet address customer.worldstream.nl on port 80 using the HTTP protocol.

Publisher:
amd

Product:
PBruteParser

Version:
1.00

MD5:
8f22fd0fc39c5638ea7e7718f799a40c

SHA-1:
236dee63d0d2422f9c708346e2f2208f79361afc

SHA-256:
4de82ccb1e9e2a2004f101e1aa2b155952d4d53737a026d4a1591a36985c2252

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/24/2024 10:58:44 PM UTC

Scan engine: Detection (Engine version)
Lavasoft Ad-Aware: Trojan.GenericKD.2486871 (572)
Agnitum Outpost: Trojan.DR.Dapato (7.1.1)
AhnLab V3 Security: Trojan/Win32.Agent (2015.06.22)
Arcabit: Trojan.Generic.D25F257 (1.0.0.425)
avast!: Win32:Dropper-gen [Drp] (2014.9-150712)
AVG: Generic36 (2016.0.3050)
Baidu Antivirus: Trojan.Win32.Dropper (4.0.3.15712)
Bitdefender: Trojan.GenericKD.2486871 (1.0.20.965)
Dr.Web: Trojan.DownLoader13.43071 (9.0.1.0193)
Emsisoft Anti-Malware: Trojan.GenericKD.2486871 (8.15.07.12.03)
ESET NOD32: probably unknown NewHeur_PE (9.11782)
Fortinet FortiGate: W32/Dapato.NVVL!tr (7/12/2015)
F-Secure: Trojan.GenericKD.2486871 (11.2015-12-07_1)
G Data: Trojan.GenericKD.2486871 (15.7.25)
IKARUS anti.virus: Win32.SuspectCrc (t3scan.1.9.5.0)
K7 AntiVirus: Trojan (13.205.16309)
Kaspersky: UDS:DangerousObject.Multi.Generic (14.0.0.1890)
McAfee: RDN/Generic.grp!ik (5600.6706)
Microsoft Security Essentials: Trojan:Win32/Dynamer!ac (1.1.11701.0)
MicroWorld eScan: Trojan.GenericKD.2486871 (16.0.0.579)
NANO AntiVirus: Trojan.Win32.Dapato.dszium (0.30.24.2086)
nProtect: Trojan.GenericKD.2486871 (15.06.19.01)
Panda Antivirus: Trj/Chgt.O (15.06.13.09)
Qihoo 360 Security: HEUR/QVM03.0.Malware.Gen (1.0.0.1015)
Quick Heal: TrojanDropper.Dapato.r3 (7.15.14.00)
Rising Antivirus: PE:Trojan.Win32.Generic.18C2AB2E!415410990 (23.00.65.15710)
Sophos: Mal/Generic-S (4.98)
Trend Micro House Call: Suspicious_GEN.F47V0613 (7.2.193)
VIPRE Antivirus: Trojan.Win32.Generic (41340)

File size:
44 KB (45,056 bytes)

Product version:
1.00

Original file name:
bp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\winkun\winkun.exe

File PE Metadata
Compilation timestamp:
6/13/2015 8:40:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:00abxVahHUJhK6qw8WxDHlOcbaqF9P6GvB0Um:00alVaRU/qRWxDHlOcb1Fh9vBlm

Entry address:
0x16E0

Entry point:
68, 20, 18, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 83, 59, 2F, 06, 4D, 48, 6B, 46, AA, B8, B8, 42, 82, 3A, 0C, FA, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 50, 42, 72, 75, 74, 65, 50, 61, 72, 73, 65, 72, 00, 23, 32, 2E, 00, 00, 00, 00, 06, 00, 00, 00, 2C, 29, 40, 00, 07, 00, 00, 00, F4, 27, 40, 00, 07, 00, 00, 00, F0, 1F, 40, 00, 07, 00, 00, 00, 9C, 1F, 40, 00, 07, 00, 00, 00, 58, 1F, 40, 00, 07, 00, 00, 00, F0, 1E, 40, 00...

Entropy:
4.7349

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
32 KB (32,768 bytes)

The executing file has been seen to make the following network communications in live environments.

Remove winkun.exe - Powered by Reason Core Security