» uplus.exe
Overview
Analysis
File Details
Network (5)

uplus.exe

LoadMoneyWebSite

The executable uplus.exe has been detected as malware by 25 anti-virus scanners. While running, it connects to the Internet address cache.google.com on port 80 using the HTTP protocol.

File name:

uplus.exe

Product:

LoadMoneyWebSite

Version:

1.0.0.0

MD5:

12d8229e91470340ca55c80ba197896c

SHA-1:

edebe16daedd33fa8251c2a2be0ac7712e12a876

SHA-256:

c04a0de4a5024e13b6bdb36cb24a3ddc827a2080ec83417882532edcffd52db3

Scanner detections:

25 / 68

Status:

Malware

Analysis date:

4/26/2024 1:01:27 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.267697

463

AegisLab AV Signature

Troj.Drop.Agent.NFB

2.1.4+

Agnitum Outpost

Trojan.Agent

7.1.1

Avira AntiVirus

TR/ATRAPS.Gen

8.3.2.2

Arcabit

Trojan.Kazy.D415B1

1.0.0.526

avast!

Win32:Dropper-NFB [Drp]

2014.9-151030

AVG

Inject2

2016.0.2941

Baidu Antivirus

Trojan.MSIL.TrojanClicker

4.0.3.151030

Bitdefender

Gen:Variant.Kazy.267697

1.0.20.1515

Comodo Security

UnclassifiedMalware

23226

Emsisoft Anti-Malware

Gen:Variant.Kazy.267697

8.15.10.30.11

ESET NOD32

MSIL/TrojanClicker.NCC (variant)

9.12244

F-Secure

Gen:Variant.Kazy.267697

11.2015-30-10_6

G Data

Gen:Variant.Kazy.267697

15.10.25

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.9.5.0

McAfee

Artemis!12D8229E9147

5600.6597

MicroWorld eScan

Gen:Variant.Kazy.267697

16.0.0.909

NANO AntiVirus

Trojan.Win32.ATRAPS.durrrp

0.30.24.3283

Panda Antivirus

Generic Malware

15.10.30.11

Qihoo 360 Security

Win32/Trojan.55b

1.0.0.1015

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_SPNR.32HB13

7.2.303

Trend Micro

TROJ_SPNR.32HB13

10.465.30

VIPRE Antivirus

Trojan.Win32.Clicker

43716

Zillya! Antivirus

Trojan.NCC.Win32.2

2.0.0.2396

File size:

22 KB (22,528 bytes)

Product version:

1.0.0.0

Original file name:

LoadMoneyWebSite.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\adobe\uplus.exe

File PE Metadata

Compilation timestamp:

6/23/2013 4:40:33 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

384:S7TxTVj3JIPPgom4O4UvqEci0Pm/WUbttKJ0lXDtNY9KTW9tZH/rYyCkb0V0R:ix93JQIj4O4UvVci0PGteKTaTrCkMw

Entry address:

0x6E06

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

20 KB (20,480 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to lb-182-241.above.com (103.224.182.241:80)

TCP (HTTP):

Connects to unknown.prolexic.com (72.52.4.90:80)

TCP (HTTP):

Connects to cache.google.com (195.64.213.46:80)

TCP (HTTP):

Connects to vip1.g5.cachefly.net (205.234.175.175:80)

Remove uplus.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.