95533c.exe

The executable 95533c.exe has been detected as malware by 33 of 68 anti-virus scanners. It is set to run at every user logon through the machine-wide Run key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, which applies to all users), under the value name '95533C'.
MD5:
a74d994630bafe6cbbe5c2cecd7fcc8d

SHA-1:
2ecd966e08afb17ccd822c24b056b443b8e33c2b

SHA-256:
4015f2aae2163c175852dc2be165de452a7650b5d1ca69c8dd6dd665b4b55483

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
11/27/2024 4:35:04 AM UTC

Scan engine                     Detection                           Engine version
Agnitum Outpost                 Worm.Autorun                        7.1.1
AhnLab V3 Security              Win32/Flystudio.worm.Gen            2013.08.02
Avira AntiVirus                 TR/Dropper.Gen                      7.11.94.116
avast!                          Win32:Flystud-Q [Trj]               2014.9-160527
AVG                             Generic4_c                          2017.0.2730
Bitdefender                     GenPack:Backdoor.Generic.184365     1.0.20.740
Clam AntiVirus                  Worm.FlyStudio-28                   0.98/18155
Comodo Security                 UnclassifiedMalware                 16692
Dr.Web                          Win32.HLLW.Autoruner.26035          9.0.1.0148
Emsisoft Anti-Malware           GenPack:Backdoor.Generic.184365     8.16.05.27.01
ESET NOD32                      Win32/Packed.FlyStudio.O.Gen        10.8637
Fortinet FortiGate              W32/PckdFlyStudio.gen               5/27/2016
F-Prot                          W32/Nuj.A.gen                       v6.4.7.1.166
G Data                          GenPack:Backdoor.Generic.184365     16.5.22
IKARUS anti.virus               Virus.Win32.Sality                  t3scan.2.0.3.0
K7 AntiVirus                    Trojan                              13.170.9154
Kaspersky                       Trojan.Win32.Scar                   14.0.0.147
McAfee                          W32/Autorun.worm.ev                 5600.6386
Microsoft Security Essentials   Backdoor:Win32/FlyAgent.F           1.163.1557.0
MicroWorld eScan                GenPack:Backdoor.Generic.184365     17.0.0.444
NANO AntiVirus                  Virus.Win32.Sality.bgiylc           0.24.0.53571
Norman                          FlyAgent.CX                         11.20160527
nProtect                        Trojan/W32.Agent.1462734            13.08.02.01
Panda Antivirus                 Trj/CI.A                            16.05.27.01
Quick Heal                      Backdoor.FlyAgent.F                 5.16.12.00
Rising Antivirus                Worm.Win32.Autorun.eyr              23.00.65.16525
Sophos                          Mal/EncPk-NB                        4.91
SUPERAntiSpyware                Trojan.Agent/Gen-XPFraud            9118
Total Defense                   Win32/Nuj.B!generic                 37.0.10498
Trend Micro House Call          WORM_FLYSTUDI.B                     7.2.148
Trend Micro                     WORM_FLYSTUDI.B                     10.465.27
Vba32 AntiVirus                 TrojanDownloader.FlyStudio          3.12.22.3
VIPRE Antivirus                 Trojan.Win32.Autorun.dm             20080

File size:
1.4 MB (1,462,734 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\3b2382\95533c.exe

File PE Metadata
Compilation timestamp:
12/25/1972 7:33:23 AM  (implausible: this predates the PE format by two decades, so the header's TimeDateStamp has been overwritten or is garbage, consistent with the packed sample)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
4.0

CTPH (ssdeep):
24576:pB76bbJPjwbJW8tweTYhI1u0PdlLokm+/d938FRyK9wr3tP:pBMNwbtDkgPdFFRV1sub5

Entry address:
0x1314

Entry point:
52, F9, 56, 57, 50, 53, 51, 0F, 82, BB, FF, FF, FF, C8, 25, CE, 09, 62, 2B, 80, DF, 5A, 14, 9B, 54, EB, CF, 59, 87, 47, 0F, 85, 4A, FE, FF, FF, E9, AD, FE, FF, FF, BC, 59, 8E, D0, F7, AD, 39, 00, 16, 84, 59, EA, BD, A3, 02, 22, BE, E4, AF, 04, 95, 26, DA, F8, 9B, A9, CA, F5, 7D, BB, AD, 44, ED, 95, E6, 87, 97, 80, A8, F9, 57, 3C, C4, 83, C2, FF, F8, 0F, 83, C0, FF, FF, FF, A9, A1, BF, C0, 61, 87, 28, 79, 9C, E4, 28, 74, F6, 34, 5B, B1, FD, 1E, DE, A5, E6, 54, AA, 3B, 7F, BB, 20, 19, 65, CC, E4, 24, 77, 3A...

Entropy:
7.8228  (probably packed)

Code size:
24 KB (24,576 bytes)
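As an added example (not Reason Core Security's tooling, and not code from the sample), the following Python script reproduces the static checks behind the fields above: the three file hashes, Shannon entropy with the usual "probably packed" cut-off, and a plausibility check on the PE header's TimeDateStamp. The IOC hashes are taken from this report; the 7.5 entropy threshold, the 1993 lower bound for a believable PE build date, and the build_sample_pe stub that stands in for the real binary are assumptions made for the example.

```python
"""Static triage of a Windows executable: hashes, entropy, PE timestamp sanity.

Added example, not vendor code. Standard library only; the sample PE bytes
produced by build_sample_pe() are constructed for offline use and are not
loadable and not the real 95533c.exe.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

# IOC hashes copied from the report above.
KNOWN_BAD = {
    "md5": "a74d994630bafe6cbbe5c2cecd7fcc8d",
    "sha1": "2ecd966e08afb17ccd822c24b056b443b8e33c2b",
    "sha256": "4015f2aae2163c175852dc2be165de452a7650b5d1ca69c8dd6dd665b4b55483",
}

PACKED_ENTROPY_THRESHOLD = 7.5  # assumption: common rule of thumb (maximum is 8.0)
# assumption: no legitimate PE was built before Windows NT 3.1 shipped (1993)
PE_EPOCH_MIN = datetime(1993, 1, 1, tzinfo=timezone.utc)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file, as shown in the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); packed/encrypted files sit near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_timestamp(data: bytes):
    """Return (datetime_utc, raw) from IMAGE_FILE_HEADER.TimeDateStamp, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)        # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    (raw,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(raw, tz=timezone.utc), raw


def triage(data: bytes, now=None) -> dict:
    """Run all checks and return hashes, entropy, timestamp and a list of findings."""
    now = now or datetime.now(timezone.utc)
    hashes = file_hashes(data)
    entropy = shannon_entropy(data)
    ts = pe_timestamp(data)
    findings = []
    if any(hashes[k] == v for k, v in KNOWN_BAD.items()):
        findings.append("hash matches known-bad IOC")
    if entropy > PACKED_ENTROPY_THRESHOLD:
        findings.append(f"high entropy {entropy:.4f}: probably packed")
    if ts is None:
        findings.append("not a PE file")
    elif ts[0] < PE_EPOCH_MIN or ts[0] > now:
        findings.append(f"implausible compile timestamp {ts[0].isoformat()}: header forged or garbage")
    return {"hashes": hashes, "entropy": entropy,
            "timestamp": ts[0] if ts else None, "findings": findings}


def build_sample_pe(timestamp: int, payload: bytes) -> bytes:
    """Constructed minimal MZ + COFF header followed by payload; for demonstration only."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0, 0)
    return dos + coff + payload


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    if path:
        blob = open(path, "rb").read()
    else:  # no file given: use the constructed stub with the report's bogus 1972 date
        bogus = int(datetime(1972, 12, 25, 7, 33, 23, tzinfo=timezone.utc).timestamp())
        blob = build_sample_pe(bogus, bytes(range(256)) * 8)
    for k, v in triage(blob).items():
        print(f"{k}: {v}")
```

Run it as `python triage.py suspect.exe`; without an argument it triages the constructed stub, which trips both the entropy and the timestamp findings. Note that entropy alone says "packed", not "malicious": installers, media and compressed resources score just as high, which is why the hash match and the timestamp check are reported separately.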

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
95533C

Command:
C:\Windows\System32\3b2382\95533c.exe


When executed, this file has been observed making the following network communication in live environments.

TCP (HTTP):
Connects to ec2-52-0-217-44.compute-1.amazonaws.com  (52.0.217.44:80)
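The persistence entry and the network destination above are the two indicators a responder would sweep a fleet for. The Python script below is an added example (not Reason Core Security's code) that turns them into a hunt: it reads the HKLM and HKCU Run keys through the standard-library winreg module on Windows, flags values that match the IOC exactly or follow the same pattern (a hex-string value name, an executable inside a hex-named subdirectory of System32), and ties the 52.0.217.44:80 destination back to a process ID from netstat-style output. The pattern heuristics are an assumption generalised from this single sample, and the SAMPLE_RUN_ENTRIES and SAMPLE_NETSTAT inputs are constructed so the logic runs offline on any platform.

```python
"""Hunt for the Run-key persistence and C2 indicators from the report.

Added example, not vendor code. Registry access uses winreg (Windows only);
the SAMPLE_* data below is constructed for offline demonstration.
"""
import re

# Indicators copied from the report above.
IOC_RUN_NAME = "95533C"
IOC_PATH = r"C:\Windows\System32\3b2382\95533c.exe"
IOC_IP = "52.0.217.44"

# Assumed pattern rules generalised from the sample: six-hex-char names and
# an .exe living one level below System32 in a six-hex-char directory.
HEX_NAME = re.compile(r"^[0-9a-f]{6}$", re.I)
SYSTEM32_SUBDIR_EXE = re.compile(
    r'^"?(?:[a-z]:\\windows\\system32)\\([^\\"]+)\\([^\\"]+\.exe)"?', re.I)

RUN_KEYS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]

# Constructed sample of what the Run keys might hold on an infected host.
SAMPLE_RUN_ENTRIES = [
    ("HKLM", "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("HKLM", "95533C", r"C:\Windows\System32\3b2382\95533c.exe"),
    ("HKCU", "OneDrive", r'"C:\Users\me\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("HKCU", "a1b2c3", r"C:\Windows\System32\f00d00\update.exe"),
]

# Constructed lines in the shape of `netstat -ano` output.
SAMPLE_NETSTAT = [
    "  TCP    10.0.0.5:49711      52.0.217.44:80         ESTABLISHED     4120",
    "  TCP    10.0.0.5:49712      13.107.42.14:443       ESTABLISHED     2280",
    "  UDP    0.0.0.0:5353        *:*                                    1104",
]


def classify_run_entry(hive: str, name: str, command: str) -> list:
    """Return the reasons an autorun value looks like this sample (empty list = benign)."""
    reasons = []
    if name.upper() == IOC_RUN_NAME or command.lower() == IOC_PATH.lower():
        reasons.append("exact IOC match")
    m = SYSTEM32_SUBDIR_EXE.match(command)
    if m and HEX_NAME.match(m.group(1)):
        reasons.append("exe in hex-named System32 subdirectory")
    if HEX_NAME.match(name):
        reasons.append("hex-string value name")
    return reasons


def read_run_entries():
    """Yield (hive, name, command) from the live Run keys; Windows only."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    for hive, subkey in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive], subkey)
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, index)
                except OSError:  # ERROR_NO_MORE_ITEMS
                    break
                yield hive, name, str(value)
                index += 1


def hunt(entries) -> list:
    """Filter autorun entries down to (hive, name, command, reasons) hits."""
    hits = []
    for hive, name, command in entries:
        reasons = classify_run_entry(hive, name, command)
        if reasons:
            hits.append((hive, name, command, reasons))
    return hits


def pids_talking_to_ioc(netstat_lines) -> list:
    """Return (pid, remote_port) for every connection whose remote host is the IOC IP."""
    found = []
    for line in netstat_lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        host, _, port = parts[2].rpartition(":")
        if host == IOC_IP:
            found.append((int(parts[-1]), int(port)))
    return found


if __name__ == "__main__":
    try:
        entries = list(read_run_entries())   # real keys on Windows
    except ImportError:
        entries = SAMPLE_RUN_ENTRIES          # constructed data elsewhere
    for hive, name, command, reasons in hunt(entries):
        print(f"{hive}\\...\\Run\\{name} -> {command}: {', '.join(reasons)}")
    for pid, port in pids_talking_to_ioc(SAMPLE_NETSTAT):
        print(f"PID {pid} connected to {IOC_IP}:{port}")
```

The exact-match rule is what you would push to endpoints today; the two pattern rules are there because the value name and the directory name in this sample look randomly generated, so a rebuilt dropper will carry different hex strings but the same shape. Expect some noise from the pattern rules and review hits before acting on them.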

Remove 95533c.exe - Powered by Reason Core Security