2.exe

The application 2.exe has been detected as a potentially unwanted program by 32 anti-malware scanners. While running, it connects to the Internet address cbahosting.pl on port 21.
MD5:
914e5cfeb2a7666ec54bac7c50cefe58

SHA-1:
bbf209b32cf8f2d7343520ca69e083ec1f5aa9f3

SHA-256:
fbf80e4ff87f97385ced96a7156e46f329052eb6feaf55b9e94e4dee8038a556

Scanner detections:
32 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 11:00:43 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.SMSHoax.17
546

Agnitum Outpost
Trojan.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Ruftar
2015.03.23

Avira AntiVirus
TR/Crypt.ULPM.Gen
7.11.219.26

avast!
Win32:Evo-gen [Susp]
2014.9-150808

AVG
PSW.Generic10
2016.0.3024

Baidu Antivirus
Trojan.Win32.Usteal
4.0.3.1588

Bitdefender
Gen:Variant.Adware.SMSHoax.17
1.0.20.1100

Comodo Security
UnclassifiedMalware
21496

Dr.Web
Trojan.PWS.UFR.3724
9.0.1.0220

Emsisoft Anti-Malware
Gen:Variant.Adware.SMSHoax.17
8.15.08.08.10

ESET NOD32
Win32/Spy.Usteal (variant)
9.11358

Fortinet FortiGate
W32/ZBOT.CDL!tr
8/8/2015

F-Prot
W32/Credo.A2.gen
v6.4.7.1.166

G Data
Gen:Variant.Adware.SMSHoax.17
15.8.25

IKARUS anti.virus
Trojan-Spy.Win32.Usteal
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.202.15341

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.1613

Malwarebytes
Trojan.PWS.LDPinch
v2015.08.08.10

McAfee
Trojan-FBXH!914E5CFEB2A7
5600.6680

Microsoft Security Essentials
TrojanSpy:Win32/Usteal.D
1.1.11400.0

MicroWorld eScan
Gen:Variant.Adware.SMSHoax.17
16.0.0.660

NANO AntiVirus
Trojan.Win32.UFR.cqrtlr
0.30.8.659

Norman
UStealer.F
11.20150808

Qihoo 360 Security
HEUR/Malware.QVM11.Gen
1.0.0.1015

Quick Heal
TrojanSpy.Usteal.D.mue
8.15.14.00

Sophos
Mal/Anomaly-A
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Usteal
9704

Trend Micro House Call
PAK_Generic.005
7.2.220

Trend Micro
PAK_Generic.005
10.465.08

VIPRE Antivirus
Trojan-Spy.Win32.Usteal.da
38658

Zillya! Antivirus
Trojan.Usteal.Win32.14796
2.0.0.2110

File size:
26.7 KB (27,310 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\2.exe

File PE Metadata
Compilation timestamp:
12/8/1998 8:05:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
384:4RkU8pGYz7AS5kaP+8/+CmOBdozKTDb0EkXYUNLXOOsHuoXT8:4REGqAQLVmOT86b0EqNznUuw

Entry address:
0x5BA20

Entry point:
60, BE, 15, 60, 45, 00, 8D, BE, EB, AF, FA, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
24 KB (24,576 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (FTP):
Connects to cbahosting.pl  (95.211.144.68:21)

Remove 2.exe - Powered by Reason Core Security