» init.exe
Overview
Analysis
File Details
Network (178)

init.exe

The executable init.exe has been detected as malware by 37 anti-virus scanners. While running, it connects to the Internet address MX01.NICMAIL.ru on port 25.

File name:

init.exe

MD5:

08cc976b06f2ca6d05413776a39817f5

SHA-1:

22d9e05986cb641cb4efcf0e4eec298c828e1053

SHA-256:

5c36ffa8c4fbef29469fcae3b377a7ac822ba90d203a26215ad71f1d143d9e54

Scanner detections:

37 / 68

Status:

Malware

Analysis date:

4/26/2024 3:29:02 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.530125

6065142

Agnitum Outpost

Trojan.Agent

7.1.1

AhnLab V3 Security

Packed/Win32.Katusha

2015.03.28

Avira AntiVirus

TR/Crypt.XPACK.Gen

7.11.30.172

avast!

MalOb-FJ [Cryp]

150414-0

AVG

Win32/DH{eYETIAMJDwE2Ch6BElVEfIEO}

2016.0.3114

Baidu Antivirus

Trojan.Win32.Katusha

4.0.3.1559

Bitdefender

Gen:Variant.Kazy.530125

1.0.20.645

Bkav FE

W32.HemcapB.Trojan

1.3.0.6379

Comodo Security

UnclassifiedMalware

21564

Dr.Web

Trojan.Spambot.9653

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Kazy.530125

9.0.0.4799

ESET NOD32

Win32/Tofsee.AF trojan

7.0.302.0

Fortinet FortiGate

W32/Katusha.OT!tr

5/9/2015

F-Prot

W32/Sasfis.C.gen

4.6.5.141

F-Secure

Gen:Variant.Kazy.530125

5.13.68

G Data

Gen:Variant.Kazy.530125

15.5.25

IKARUS anti.virus

Backdoor.Win32.Cetorp

t3scan.1.8.9.0

K7 AntiVirus

Trojan

13.202.15408

Kaspersky

Packed.Win32.Katusha

15.0.0.543

Malwarebytes

Trojan.Injector

v2015.05.09.12

McAfee

Trojan.Artemis!08CC976B06F2

17.6.569.0

Microsoft Security Essentials

Threat.Undefined

1.197.1980.0

MicroWorld eScan

Gen:Variant.Kazy.530125

16.0.0.387

NANO AntiVirus

Trojan.Win32.Katusha.djerwf

0.30.8.659

Norman

Gen:Variant.Barys.716

03.12.2014 13:20:04

nProtect

Trojan/W32.Katusha.27648.F

15.03.27.01

Qihoo 360 Security

Win32/Trojan.c4c

1.0.0.1015

Quick Heal

UPX.Trojan.r3

5.15.14.00

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_GEN.F0CBOC0LC14

7.2.129

Trend Micro

TROJ_GEN.F0CBOC0LC14

10.465.09

Vba32 AntiVirus

BScope.Trojan.Agent.Wakaba

3.12.26.3

VIPRE Antivirus

Threat.4740024

39676

ViRobot

Trojan.Win32.A.Katusha.27648.K[h]

2014.3.20.0

Zillya! Antivirus

Trojan.Tofsee.Win32.484

2.0.0.2119

File size:

27 KB (27,648 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\acer\init.exe

File PE Metadata

Compilation timestamp:

4/27/2004 4:06:14 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

768:0xRX+fZQsIf8LyffELsMtrvuE358nJ8Kaf:cQZbIfFH4BvukEJraf

Entry address:

0x173A0

Entry point:

60, BE, 00, 10, 41, 00, 8D, BE, 00, 00, FF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

28 KB (28,672 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (SMTP):

Connects to MX01.NICMAIL.ru (194.85.88.242:25)

TCP (SMTP):

Connects to mx00.kundenserver.de (212.227.15.41:25)

TCP (SMTP):

Connects to mx1.timeweb.ru (92.53.116.47:25)

TCP (SMTP):

Connects to mail.gan.ru (87.245.156.99:25)

TCP (SMTP):

Connects to w2.src1.vip.ir2.yahoo.com (77.238.184.24:25)

TCP (SMTP):

Connects to server.ameradio.com (69.160.248.2:25)

TCP (SMTP):

Connects to post.gcmpp.ru (84.253.114.100:25)

TCP (SMTP):

Connects to pita.dynamichosting.biz (204.244.125.45:25)

TCP (SMTP):

Connects to p3pismtp01-065.prod.phx3.secureserver.net (72.167.238.32:25)

TCP (SMTP):

Connects to mxs.mail.ru (217.69.139.150:25)

TCP (SMTP):

Connects to mx3.mail.uk.easynet.net (212.135.6.25:25)

TCP (SMTP):

Connects to mx1.spaceweb.ru (77.222.41.54:25)

TCP (SMTP):

Connects to mx1.masterhost.ru (83.222.23.178:25)

TCP (SMTP):

Connects to mx1.emailsrvr.com (98.129.184.3:25)

TCP (SMTP):

Connects to mx01.lolipop.jp (157.7.107.6:25)

TCP (SMTP):

Connects to mx.yandex.ru (213.180.204.89:25)

TCP (SMTP):

Connects to mx.fr.oleane.com (194.2.0.80:25)

TCP (SMTP):

Connects to ms.denit.net (62.148.189.53:25)

TCP (SMTP):

Connects to mail-by2nam010170.inbound.protection.outlook.com (216.32.181.170:25)

TCP (SMTP):

Connects to mail.valleypizza.com (76.73.154.179:25)

Remove init.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.