» 7.exe
Overview
Analysis
File Details
Downloads (1)

7.exe

Zehmonmascaina

K7 Computing Pvt. Ltd.

The executable 7.exe has been detected as malware by 8 anti-virus scanners. The file has been seen being downloaded from ointonerdelt.uni.me.

File name:

7.exe

Publisher:

K7 Computing Pvt. Ltd.

Product:

Zehmonmascaina

Version:

6.01.0001

MD5:

d2e2315624579fd06239703955e901e7

SHA-1:

01b3a747917935ee9531c5e0559c7fd6b12c8c0a

Scanner detections:

8 / 68

Status:

Malware

Analysis date:

11/5/2024 10:27:52 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:VB-AITG [Trj]

160216-3

ESET NOD32

Win32/Injector.BLMZ trojan

8.0.319.0

F-Secure

Variant.Symmi.47197

5.15.21

Kaspersky

Backdoor.Win32.Tofsee

15.0.0.562

McAfee

Trojan.Trojan-FETJ!D2E231562457

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.213.7242.0

Norman

Gen:Variant.Symmi.47197

19.02.2016 10:08:15

Sophos

Virus 'Troj/VBInj-MJ'

5.23

File size:

136 KB (139,264 bytes)

Product version:

6.01.0001

Original file name:

ame.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\7.exe

File PE Metadata

Compilation timestamp:

9/8/2014 2:00:04 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:HvqKRrN+58gOwNOOXrK/3rLCyj/J2EQyLEjk9uFyvEjHKuT5:d1N88mY3nBNQyLTIjHKu1

Entry address:

0x1378

Entry point:

68, 48, 89, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 77, BA, 6A, B7, 75, 24, EC, 4F, 9E, 38, A0, 87, 6B, 05, 3F, 96, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 42, 72, 61, 73, 69, 6C, 69, 61, 6E, 65, 72, 69, 6E, 6E, 65, 6E, 00, 08, 41, 00, F0, 07, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0B, 2E, BA, 31, A7, 2C, E0, 88, 4E, 98, 15, B7, DA, A3, E9, 5E, 1D, 82, D4, 42, 07, F5, 4A, A3, 47, 84, 90, 91, 3B, 8F, 62, F7, 5C, 3A, 4F, AD... 
[+]

Entropy:

5.8796

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

124 KB (126,976 bytes)

The file 7.exe has been seen being distributed by the following URL.

http://ointonerdelt.uni.me/f/19489148op67m/.../7

Remove 7.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.