7.exe

Zehmonmascaina

K7 Computing Pvt. Ltd.

The executable 7.exe has been detected as malware by 8 anti-virus scanners. The file has been seen being downloaded from ointonerdelt.uni.me.
Publisher:
K7 Computing Pvt. Ltd.

Product:
Zehmonmascaina

Version:
6.01.0001

MD5:
d2e2315624579fd06239703955e901e7

SHA-1:
01b3a747917935ee9531c5e0559c7fd6b12c8c0a

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
12/24/2024 4:59:12 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:VB-AITG [Trj]
160216-3

ESET NOD32
Win32/Injector.BLMZ trojan
8.0.319.0

F-Secure
Variant.Symmi.47197
5.15.21

Kaspersky
Backdoor.Win32.Tofsee
15.0.0.562

McAfee
Trojan.Trojan-FETJ!D2E231562457
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.7242.0

Norman
Gen:Variant.Symmi.47197
19.02.2016 10:08:15

Sophos
Virus 'Troj/VBInj-MJ'
5.23

File size:
136 KB (139,264 bytes)

Product version:
6.01.0001

Original file name:
ame.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\7.exe

File PE Metadata
Compilation timestamp:
9/8/2014 2:00:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:HvqKRrN+58gOwNOOXrK/3rLCyj/J2EQyLEjk9uFyvEjHKuT5:d1N88mY3nBNQyLTIjHKu1

Entry address:
0x1378

Entry point:
68, 48, 89, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 77, BA, 6A, B7, 75, 24, EC, 4F, 9E, 38, A0, 87, 6B, 05, 3F, 96, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 42, 72, 61, 73, 69, 6C, 69, 61, 6E, 65, 72, 69, 6E, 6E, 65, 6E, 00, 08, 41, 00, F0, 07, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0B, 2E, BA, 31, A7, 2C, E0, 88, 4E, 98, 15, B7, DA, A3, E9, 5E, 1D, 82, D4, 42, 07, F5, 4A, A3, 47, 84, 90, 91, 3B, 8F, 62, F7, 5C, 3A, 4F, AD...
 
[+]

Entropy:
5.8796

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
124 KB (126,976 bytes)

The file 7.exe has been seen being distributed by the following URL.

Remove 7.exe - Powered by Reason Core Security