1.exe

Webbrowser

Microsoft Windows

The executable 1.exe has been detected as malware by 29 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from s1.directxex.com.
Publisher:
Microsoft Windows

Product:
Webbrowser

Description:
Mozzila Firefox

Version:
1.0.0.0

MD5:
ed81ef92ca03e675547ef344218b641a

SHA-1:
3d27cdaceeadb6de449b2733b651208fbdc3c180

SHA-256:
05288543fe3fa1aa2f4b2a2daafc3db8f750cd04e6c32c229e19275e0688aab0

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
11/30/2024 3:39:40 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.88327
786

AegisLab AV Signature
Troj.W32.Gen
2.1.4+

Agnitum Outpost
Trojan.Agent
7.1.1

Avira AntiVirus
TR/Dropper.Gen
7.11.183.62

avast!
Win32:Malware-gen
2014.9-141210

AVG
MSIL3
2015.0.3264

Baidu Antivirus
Trojan.MSIL.Injector
4.0.3.141210

Bitdefender
Gen:Variant.Zusy.88327
1.0.20.1720

Comodo Security
UnclassifiedMalware
19997

Dr.Web
Win32.HLLW.Autoruner2.16150
9.0.1.0344

Emsisoft Anti-Malware
Gen:Variant.Zusy.88327
8.14.12.10.02

ESET NOD32
MSIL/Injector.COF (variant)
8.10675

Fortinet FortiGate
W32/Generic.COF!tr
12/10/2014

F-Secure
Gen:Variant.Zusy.88327
11.2014-10-12_4

G Data
Gen:Variant.Zusy.88327
14.12.24

IKARUS anti.virus
Trojan-Spy.Zbot
t3scan.1.8.3.0

K7 AntiVirus
Trojan
13.185.13888

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.2817

Malwarebytes
Backdoor.Agent.DST
v2014.12.10.02

McAfee
RDN/Generic.bfr!he
5600.6920

Microsoft Security Essentials
VirTool:MSIL/Injector.ED
1.11104

MicroWorld eScan
Gen:Variant.Zusy.88327
15.0.0.1032

Norman
Troj_Generic.UARAA
11.20141210

Qihoo 360 Security
HEUR/Malware.QVM03.Gen
1.0.0.1015

Quick Heal
Trojan.Generic.r3
12.14.14.00

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_GEN.R0CBC0PEQ14
7.2.344

Trend Micro
TROJ_GEN.R0CBC0PEQ14
10.465.10

VIPRE Antivirus
Trojan.Win32.Generic
34536

File size:
97 KB (99,328 bytes)

Product version:
1.0.0.0

Copyright:
Romana

Trademarks:
Microsoft Windows

Original file name:
1.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\1.exe

File PE Metadata
Compilation timestamp:
5/23/2014 6:52:56 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:PYoMDcA8olRn94iziYPvROjMP6JTY3QKzAt9Ex:wXcbBeFPvROjUsT4QWgE

Entry address:
0x19BFA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 90, 01, 00, 0C, 00, 00, 00, FC, 3B, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
95 KB (97,280 bytes)

The file 1.exe has been seen being distributed by the following URL.

Remove 1.exe - Powered by Reason Core Security