init.exe

The executable init.exe has been detected as malware by 37 anti-virus scanners. While running, it connects to the Internet address MX01.NICMAIL.ru on port 25 (SMTP).
MD5:
08cc976b06f2ca6d05413776a39817f5

SHA-1:
22d9e05986cb641cb4efcf0e4eec298c828e1053

SHA-256:
5c36ffa8c4fbef29469fcae3b377a7ac822ba90d203a26215ad71f1d143d9e54

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
2/26/2024 7:31:41 PM UTC

Scan engine                    Detection                           Engine version
Lavasoft Ad-Aware              Gen:Variant.Kazy.530125             6065142
Agnitum Outpost                Trojan.Agent                        7.1.1
AhnLab V3 Security             Packed/Win32.Katusha                2015.03.28
Avira AntiVirus                TR/Crypt.XPACK.Gen                  7.11.30.172
avast!                         MalOb-FJ [Cryp]                     150414-0
AVG                            Win32/DH{eYETIAMJDwE2Ch6BElVEfIEO}  2016.0.3114
Baidu Antivirus                Trojan.Win32.Katusha                4.0.3.1559
Bitdefender                    Gen:Variant.Kazy.530125             1.0.20.645
Bkav FE                        W32.HemcapB.Trojan                  1.3.0.6379
Comodo Security                UnclassifiedMalware                 21564
Dr.Web                         Trojan.Spambot.9653                 9.0.1.05190
Emsisoft Anti-Malware          Gen:Variant.Kazy.530125             9.0.0.4799
ESET NOD32                     Win32/Tofsee.AF trojan              7.0.302.0
Fortinet FortiGate             W32/Katusha.OT!tr                   5/9/2015
F-Prot                         W32/Sasfis.C.gen                    4.6.5.141
F-Secure                       Gen:Variant.Kazy.530125             5.13.68
G Data                         Gen:Variant.Kazy.530125             15.5.25
IKARUS anti.virus              Backdoor.Win32.Cetorp               t3scan.1.8.9.0
K7 AntiVirus                   Trojan                              13.202.15408
Kaspersky                      Packed.Win32.Katusha                15.0.0.543
Malwarebytes                   Trojan.Injector                     v2015.05.09.12
McAfee                         Trojan.Artemis!08CC976B06F2         17.6.569.0
Microsoft Security Essentials  Threat.Undefined                    1.197.1980.0
MicroWorld eScan               Gen:Variant.Kazy.530125             16.0.0.387
NANO AntiVirus                 Trojan.Win32.Katusha.djerwf         0.30.8.659
Norman                         Gen:Variant.Barys.716               03.12.2014 13:20:04
nProtect                       Trojan/W32.Katusha.27648.F          15.03.27.01
Qihoo 360 Security             Win32/Trojan.c4c                    1.0.0.1015
Quick Heal                     UPX.Trojan.r3                       5.15.14.00
Sophos                         Mal/Generic-S                       4.98
Trend Micro House Call         TROJ_GEN.F0CBOC0LC14                7.2.129
Trend Micro                    TROJ_GEN.F0CBOC0LC14                10.465.09
Vba32 AntiVirus                BScope.Trojan.Agent.Wakaba          3.12.26.3
VIPRE Antivirus                Threat.4740024                      39676
ViRobot                        Trojan.Win32.A.Katusha.27648.K[h]   2014.3.20.0
Zillya! Antivirus              Trojan.Tofsee.Win32.484             2.0.0.2119

File size:
27 KB (27,648 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\acer\init.exe

File PE Metadata
Compilation timestamp:
4/27/2004 4:06:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
768:0xRX+fZQsIf8LyffELsMtrvuE358nJ8Kaf:cQZbIfFH4BvukEJraf

Entry address:
0x173A0

Entry point:
60, BE, 00, 10, 41, 00, 8D, BE, 00, 00, FF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...

Packer / compiler:
UPX 2.90 LZMA

Code size:
28 KB (28,672 bytes)

While executing, the file has been observed making the following network connections in live environments.

TCP (SMTP): Connects to MX01.NICMAIL.ru (194.85.88.242:25)
TCP (SMTP): Connects to mx00.kundenserver.de (212.227.15.41:25)
TCP (SMTP): Connects to mx1.timeweb.ru (92.53.116.47:25)
TCP (SMTP): Connects to mail.gan.ru (87.245.156.99:25)
TCP (SMTP): Connects to w2.src1.vip.ir2.yahoo.com (77.238.184.24:25)
TCP (SMTP): Connects to server.ameradio.com (69.160.248.2:25)
TCP (SMTP): Connects to post.gcmpp.ru (84.253.114.100:25)
TCP (SMTP): Connects to pita.dynamichosting.biz (204.244.125.45:25)
TCP (SMTP): Connects to p3pismtp01-065.prod.phx3.secureserver.net (72.167.238.32:25)
TCP (SMTP): Connects to mxs.mail.ru (217.69.139.150:25)
TCP (SMTP): Connects to mx3.mail.uk.easynet.net (212.135.6.25:25)
TCP (SMTP): Connects to mx1.spaceweb.ru (77.222.41.54:25)
TCP (SMTP): Connects to mx1.masterhost.ru (83.222.23.178:25)
TCP (SMTP): Connects to mx1.emailsrvr.com (98.129.184.3:25)
TCP (SMTP): Connects to mx01.lolipop.jp (157.7.107.6:25)
TCP (SMTP): Connects to mx.yandex.ru (213.180.204.89:25)
TCP (SMTP): Connects to mx.fr.oleane.com (194.2.0.80:25)
TCP (SMTP): Connects to ms.denit.net (62.148.189.53:25)
TCP (SMTP): Connects to mail-by2nam010170.inbound.protection.outlook.com (216.32.181.170:25)
TCP (SMTP): Connects to mail.valleypizza.com (76.73.154.179:25)

Remove init.exe - Powered by Reason Core Security