{1b6ec7ac-07db-8931-d96b-b9941b6ec7ac}.exe

The executable {1b6ec7ac-07db-8931-d96b-b9941b6ec7ac}.exe has been detected as malware by 6 of 68 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from catalog.chaosium.com and multiple other hosts.
MD5:
9e42a82a383dd4fac67cd1dad0617381

SHA-1:
1d2f799cd7ea0167a3d9f6a9afc4c46256721def

SHA-256:
3f0255c8526ee4f0c8a53abdfa32b71a509c747ea7a37715a5daf312ef48e45b

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
4/26/2025 1:33:37 AM UTC

Scan engine          Detection                   Engine version
AhnLab V3 Security   Trojan/Win32.Ransomlock     14.04.11
avast!               Win32:Dropper-gen [Drp]     2014.9-140411
Bkav FE              HW32.CDB                    1.3.0.4959
Malwarebytes         Backdoor.Bot.Gen            v2014.04.11.10
McAfee               PWSZbot-FXE!9E42A82A383D    5600.7164
Sophos               Troj/Zbot-IBJ               4.98

File size:
172 KB (176,128 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\{1b6ec7ac-07db-8931-d96b-b9941b6ec7ac}.exe

File PE Metadata
Compilation timestamp:
4/6/2014 5:34:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:OjIMn8l839V/ZnonBIKslVONkD65A2tHJ9IUhnqel6nbOQ23wWEBoI:oIM8lO95ByivMkEA2BJ9IinqY0+xEBB

Entry address:
0x34DE

Entry point:
55, 8B, EC, 6A, FF, 68, 45, 48, 40, 00, 68, FA, 12, 40, 00, B8, 00, 00, 00, 00, 90, 50, 8B, C4, 90, 90, 90, 90, 90, 83, EC, 68, 53, 56, 57, 8B, EC, 90, 33, DB, 83, C5, 04, 6A, 02, 5F, 57, E9, E8, DD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, C3, CC, FF, 25, 6C, 42, 40, 00, FF, 25, 60, 42, 40, 00, 68, 00, 00, 03, 00, 68, 00, 00, 01, 00, E8, 17, 00, 00, 00, 59, 59, C3, C3, CC, FF, 25, 48, 42, 40, 00, FF, 25, 44, 42, 40, 00, FF, 25, 3C, 42, 40, 00, FF, 25, 38, 42, 40, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)

User Start Menu Item
Name:
{1b6ec7ac-07db-8931-d96b-b9941b6ec7ac}.exe
The file {1b6ec7ac-07db-8931-d96b-b9941b6ec7ac}.exe has been seen being distributed by the following 4 URLs.

Remove {1b6ec7ac-07db-8931-d96b-b9941b6ec7ac}.exe - Powered by Reason Core Security