фтп файлы.exe

The executable фтп файлы.exe has been detected as malware by 33 anti-virus scanners. While running, it connects to the Internet address dev.ucoz.net on port 80 using the HTTP protocol.
Version: 0.0.0.0
MD5: effb12c9e2101caed795a6a337769600
SHA-1: 4e630df5aefb5dadc31f0647e117184e365be039
Scanner detections: 33 / 68
Status: Malware
Analysis date: 11/23/2024 9:57:27 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Barys.7520 | 123 |
| AhnLab V3 Security | Malware/Win32.Generic.R121193 | 3.7.5.15 |
| Avira AntiVirus | TR/Barys.25165.19 | 8.3.3.4 |
| Arcabit | Trojan.Barys.D1D60 | 1.0.0.741 |
| avast! | Win32:Malware-gen | 2014.9-161003 |
| AVG | MSIL5 | 2017.0.2601 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.16103 |
| Bitdefender | Gen:Variant.Barys.7520 | 1.0.20.1385 |
| Clam AntiVirus | Win.Trojan.Agent-1224888 | 0.98/21511 |
| Comodo Security | TrojWare.MSIL.Inject.AK | 25525 |
| Dr.Web | Trojan.DownLoader11.29476 | 9.0.1.0277 |
| Emsisoft Anti-Malware | Gen:Variant.Barys.7520 | 8.16.10.03.04 |
| ESET NOD32 | MSIL/PSW.Steam.DL | 10.13874 |
| Fortinet FortiGate | W32/Generic.DL!tr | 10/3/2016 |
| F-Prot | W32/S-3e9bdcce | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Barys.7520 | 11.2016-03-10_2 |
| G Data | Gen:Variant.Barys.7520 | 16.10.25 |
| IKARUS anti.virus | Trojan.MSIL5 | t3scan.2.1.6.0 |
| K7 AntiVirus | Password-Stealer | 13.235.20384 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-499 |
| Malwarebytes | Spyware.PasswordStealer | v2016.10.03.04 |
| McAfee | Artemis!EFFB12C9E210 | 5600.6257 |
| Microsoft Security Essentials | Trojan:MSIL/Stimilini.J | 1.1.12902.0 |
| MicroWorld eScan | Gen:Variant.Barys.7520 | 17.0.0.831 |
| NANO AntiVirus | Trojan.Win32.DownLoader11.dhxuim | 1.0.38.8984 |
| Panda Antivirus | Trj/CI.A | 16.10.03.04 |
| Qihoo 360 Security | Win32/Trojan.710 | 1.0.0.1120 |
| Quick Heal | Trojan.Stimilini | 10.16.14.00 |
| Sophos | Troj/MSILInj-GE | 4.98 |
| Total Defense | Win32/Tnega.HFaaAPC | 37.1.62.1 |
| Trend Micro | TROJ_GEN.R00XC0DGS16 | 10.465.03 |
| Vba32 AntiVirus | Trojan.MSIL.Steamilik | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 51174 |

File size: 194.9 KB (199,613 bytes)
Product version: 0.0.0.0
Original file name: steamwebhelper.exe
File type: Executable application (Win32 EXE)
Common path: C:\Documents and Settings\{user}\Application data\фтп файлы.exe

File PE Metadata
Compilation timestamp: 8/27/2014 11:02:57 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
.NET CLR dependent: Yes
CTPH (ssdeep): 6144:HDHyVG/j8MmXN6DV5sPYOI+oZCSaRpJ/mi0:jSs/AMmXoD3uYOImSaRHui0
Entry address: 0x31FDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 192 KB (196,608 bytes)

The executable has been observed making the following network connection in live environments.

TCP (HTTP): Connects to dev.ucoz.net (195.216.243.114:80)
