737663.exe

Shorokoff

This is a setup program that installs the application. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Host Process for Windows Services’. That name matches the description of the legitimate svchost.exe, but the command registered here points to a copy under the user's local AppData folder rather than the Windows system directory. The file has been seen being downloaded from hotvideo.website and multiple other hosts.
Publisher:
Shorokoff

Product:
Shorokoff

Version:
5.01

MD5:
30766d6daab5c9aaed09d7951d9725b3

SHA-1:
f05a6e9a4d7a6e5972b81826b7f3da0ec3c3232c

SHA-256:
a7c35d22ad6966c7fe7af681bc6b4f18e34aff0433ab2c1fbbbea285b1aa89cd

Scanner detections:
1 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
12/23/2024 7:19:00 PM UTC

Scan engine:
avast!

Detection:
Win32:GenMalicious-LXO [PUP]

Engine version:
160215-2

File size:
808 KB (827,392 bytes)

Product version:
5.01

Copyright:
Shorokoff

Trademarks:
Shorokoff

Original file name:
Shorokoff.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\737663.exe

File PE Metadata
Compilation timestamp:
3/13/2016 7:58:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:76od87ewn0STVn+grwE96WBxR04Vki8Ujw4ma1S/H:76F7erSTVHHBki8U06U/

Entry address:
0x3E24

Entry point:
68, 24, 44, 40, 00, E8, F0, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 47, F1, E1, CC, 68, E3, 00, 42, AF, 95, 2E, 89, C7, EB, 0F, 5E, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 53, 68, 6F, 72, 6F, 6B, 6F, 66, 66, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 02, 00, 00, 00, B1, BE, 76, 9A, 23, 54, 4A, 4D, A6, 1D, FC, 17, 7A, 2A, 2D, 62, 01, 00, 00, 00, 98, 00, 00, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
636 KB (651,264 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Host Process for Windows Services

Command:
C:\users\{user}\appdata\local\microsoft\svchost.exe


The file 737663.exe has been seen being distributed by the following 9 URLs.

http://hotvideo.website/amg12.php

http://104.236.255.14/v49.exe

Scan 737663.exe - Powered by Reason Core Security