» 2.exe
Overview
Analysis
File Details
Network (1)

2.exe

The application 2.exe has been detected as a potentially unwanted program by 32 anti-malware scanners. While running, it connects to the Internet address cbahosting.pl on port 21.

File name:

2.exe

MD5:

914e5cfeb2a7666ec54bac7c50cefe58

SHA-1:

bbf209b32cf8f2d7343520ca69e083ec1f5aa9f3

SHA-256:

fbf80e4ff87f97385ced96a7156e46f329052eb6feaf55b9e94e4dee8038a556

Scanner detections:

32 / 68

Status:

Potentially unwanted

Analysis date:

11/30/2024 11:34:12 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.SMSHoax.17

546

Agnitum Outpost

Trojan.Agent

7.1.1

AhnLab V3 Security

Trojan/Win32.Ruftar

2015.03.23

Avira AntiVirus

TR/Crypt.ULPM.Gen

7.11.219.26

avast!

Win32:Evo-gen [Susp]

2014.9-150808

AVG

PSW.Generic10

2016.0.3024

Baidu Antivirus

Trojan.Win32.Usteal

4.0.3.1588

Bitdefender

Gen:Variant.Adware.SMSHoax.17

1.0.20.1100

Comodo Security

UnclassifiedMalware

21496

Dr.Web

Trojan.PWS.UFR.3724

9.0.1.0220

Emsisoft Anti-Malware

Gen:Variant.Adware.SMSHoax.17

8.15.08.08.10

ESET NOD32

Win32/Spy.Usteal (variant)

9.11358

Fortinet FortiGate

W32/ZBOT.CDL!tr

8/8/2015

F-Prot

W32/Credo.A2.gen

v6.4.7.1.166

G Data

Gen:Variant.Adware.SMSHoax.17

15.8.25

IKARUS anti.virus

Trojan-Spy.Win32.Usteal

t3scan.1.8.6.0

K7 AntiVirus

Trojan

13.202.15341

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.1613

Malwarebytes

Trojan.PWS.LDPinch

v2015.08.08.10

McAfee

Trojan-FBXH!914E5CFEB2A7

5600.6680

Microsoft Security Essentials

TrojanSpy:Win32/Usteal.D

1.1.11400.0

MicroWorld eScan

Gen:Variant.Adware.SMSHoax.17

16.0.0.660

NANO AntiVirus

Trojan.Win32.UFR.cqrtlr

0.30.8.659

Norman

UStealer.F

11.20150808

Qihoo 360 Security

HEUR/Malware.QVM11.Gen

1.0.0.1015

Quick Heal

TrojanSpy.Usteal.D.mue

8.15.14.00

Sophos

Mal/Anomaly-A

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Usteal

9704

Trend Micro House Call

PAK_Generic.005

7.2.220

Trend Micro

PAK_Generic.005

10.465.08

VIPRE Antivirus

Trojan-Spy.Win32.Usteal.da

38658

Zillya! Antivirus

Trojan.Usteal.Win32.14796

2.0.0.2110

File size:

26.7 KB (27,310 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\2.exe

File PE Metadata

Compilation timestamp:

12/8/1998 8:05:44 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

384:4RkU8pGYz7AS5kaP+8/+CmOBdozKTDb0EkXYUNLXOOsHuoXT8:4REGqAQLVmOT86b0EqNznUuw

Entry address:

0x5BA20

Entry point:

60, BE, 15, 60, 45, 00, 8D, BE, EB, AF, FA, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB... 
[+]

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

24 KB (24,576 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (FTP):

Connects to cbahosting.pl (95.211.144.68:21)

Remove 2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.