wussy.exe

The executable wussy.exe has been detected as malware by 3 anti-virus scanners. The file has been seen being downloaded from www.kamareziteflamedarting.top and multiple other hosts.
Publisher:
Z0uAl

Product:
mlru

Description:
TGTse9CZIRJr70s

Version:
16.203.218.134

MD5:
a58cc2d82f0d17e307d964de315ea2c5

SHA-1:
dbd27304b9124154fdfbd703844d2ae0e1c5e007

SHA-256:
10bf2e3e8f1351ec4aa7ced3d96883ecc1911b242ad15697b4b77e4b338845d0

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
5/3/2024 1:14:18 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Evo-gen [Susp] | 160518-2
Microsoft Security Essentials | Threat.Undefined | 1.225.2266.0
VIPRE Antivirus | Threat.4150696 | 51054

File size:
700 KB (716,800 bytes)

Product version:
16.203.218.134

Copyright:
Copyright 2016

Trademarks:
Pepcyc

Original file name:
6tgiInNG

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\wussy.exe

File PE Metadata
Compilation timestamp:
7/20/2016 2:29:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:hGVjPf5O0r/mJfdDCkSj4j/zDylZ5PjHU:hGlN/MfhCkC6/3q5bHU

Entry address:
0xF27E

Entry point:
E8, 69, 76, 00, 00, E9, 8C, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 56, 8B, 75, 0C, 57, 83, CF, FF, F6, 46, 0C, 40, 75, 6F, 56, E8, 4A, 79, 00, 00, 59, BA, 50, 6A, 43, 00, 3B, C7, 74, 1B, 83, F8, FE, 74, 16, 8B, C8, 83, E1, 1F, 8B, D8, C1, FB, 05, C1, E1, 06, 03, 0C, 9D, A0, 7F, 43, 00, EB, 02, 8B, CA, F6, 41, 24, 7F, 75, 25, 3B, C7, 74, 19, 83, F8, FE, 74, 14, 8B, C8, 83, E0, 1F, C1, F9, 05, C1, E0, 06, 03, 04, 8D, A0, 7F, 43, 00, EB, 02, 8B, C2, F6, 40, 24, 80, 74, 17, E8, E3, 40, 00, 00, C7, 00, 16, 00, 00...
 
Entropy:
7.2334

Code size:
184.5 KB (188,928 bytes)

The file wussy.exe has been seen being distributed by the following 2 URLs.

http://www.kamareziteflamedarting.top/.../b8k2v.exe
