כל בחנות.exe

כל בחנות

The executable כל בחנות.exe has been detected as malware by 10 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from f2h.nana10.co.il and multiple other hosts.
Product:
כל בחנות

Version:
1.0.0.0

MD5:
c469340d40a9c552003320a16be32e06

SHA-1:
fbbe38ddfe5175b5213981a08118c0bdd54874b6

SHA-256:
2962512ad1c7151b25a75f3026b8750d2c915729ae13818b5a3c391fde98f32b

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
12/27/2024 8:45:58 PM UTC

Scan engine              Detection                  Engine version
Lavasoft Ad-Aware        Gen:Variant.Kazy.370103    489
Avira AntiVirus          TR/Kazy.2893824            7.11.208.184
Bitdefender              Gen:Variant.Kazy.370103    1.0.20.1385
Emsisoft Anti-Malware    Gen:Variant.Kazy.370103    8.15.10.04.07
F-Secure                 Gen:Variant.Kazy.370103    11.2015-04-10_1
G Data                   Gen:Variant.Kazy.370103    15.10.25
IKARUS anti.virus        Win32.SuspectCrc           t3scan.1.8.6.0
McAfee                   Artemis!C469340D40A9       5600.6623
MicroWorld eScan         Gen:Variant.Kazy.370103    16.0.0.831
Trend Micro House Call   TROJ_GEN.R047H09B115       7.2.277

File size:
2.8 MB (2,893,824 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2011

Original file name:
כל בחנות.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\כל בחנות.exe

File PE Metadata
Compilation timestamp:
12/7/2011 3:27:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:pX70tGG8WjfkJfTE+GMbIc2iBTrsYCMPIQ5umH8gQhx:pX5RWjfSfYb+IBmxdPsTgG

Entry address:
0x2C320E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9404

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.8 MB (2,888,704 bytes)

The file כל בחנות.exe has been seen being distributed by the following 8 URLs.

http://f2h.nana10.co.il/.../f6ypwlcjovji|ca4563a792f96029784b60928594f31e|.exe

http://serv33.f2h.co.il/.../f6ypwlcjovji|029c8b5078683bfac335599258176ec6

http://f2h.nana10.co.il/.../f6ypwlcjovji|6fbf9c0bb18eb2b5b98b24bec65d6279|.exe

http://f2h.nana10.co.il/.../f6ypwlcjovji|1baa8dd1e3c0b0f7805f120b314f85db|.exe
