98h7b66gb.exe

Expedites Crasser

RoseCity Software

The executable 98h7b66gb.exe has been detected as malware by 26 of the 68 anti-virus scanners listed below. It is a setup program used to install the application. The file has been seen being downloaded from theme44.ultracom.co.in and multiple other hosts.
Publisher:
RoseCity Software

Product:
Expedites Crasser

Description:
Hummer

Version:
160, 102, 50, 93

MD5:
196893382e49b4d51d1ec82e3fa4a9c0

SHA-1:
368a08374b8c88aa3e959a00d966c20c5209daa8

SHA-256:
14fe5636302a2768714107dc7380fc6516b62843fd531ca53b40151de13c2310

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
11/5/2024 2:29:26 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Agent.BRYK | 318
AegisLab AV Signature | Troj.Locky.Dsb!c | 2.1.4+
AhnLab V3 Security | Win-Trojan/Lockycrypt.Gen | 2016.03.23
Avira AntiVirus | TR/Locky.dsb | 8.3.3.4
Arcabit | Trojan.Agent.BRYK | 1.0.0.662
avast! | Win32:Trojan-gen | 2014.9-160323
AVG | Generic37 | 2017.0.2796
Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.16323
Bitdefender | Trojan.Agent.BRYK | 1.0.20.415
Dr.Web | Trojan.Encoder.4207 | 9.0.1.083
Emsisoft Anti-Malware | Trojan.Win32.FileCoder | 8.16.03.23.11
ESET NOD32 | Win32/Filecoder.Locky | 10.13221
F-Secure | Trojan.Agent.BRYK | 11.2016-23-03_4
G Data | Trojan.Agent.BRYK | 16.3.25
IKARUS anti.virus | Trojan.Win32.Filecoder | t3scan.2.0.9.0
Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.473
Malwarebytes | Ransom.Locky | v2016.03.23.11
McAfee | RDN/Ransomware-FHI | 5600.6452
Microsoft Security Essentials | Ransom:Win32/Locky.A | 1.1.12505.0
MicroWorld eScan | Trojan.Agent.BRYK | 17.0.0.249
Qihoo 360 Security | HEUR/QVM07.1.Malware.Gen | 1.0.0.1120
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 [F] | 23.00.65.16321
Sophos | Virus 'Troj/Ransom-CPA' | 5.23
Trend Micro House Call | Ransom_LOCKY.KCL | 7.2.83
Trend Micro | Ransom_LOCKY.KCL | 10.465.23
VIPRE Antivirus | Trojan.Win32.Generic | 48078

File size:
192 KB (196,608 bytes)

Product version:
189, 43, 162, 133

Copyright:
Copyright © 2013

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\98h7b66gb.exe

File PE Metadata
Compilation timestamp:
4/22/2006 7:22:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:+xQz9B4nAM6UO42uumUroMuja2ClJ7+5J3Vk8mu2zPW+ypP938QMNmJntot9kIpI:+xwkAM52uNCejAN+DZ8QMCntW9Rpp

Entry address:
0x1BC7D

Entry point:
55, 8B, EC, 6A, FF, 68, 78, 00, 42, 00, 68, 00, BE, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, B7, BD, 41, 00, 59, 83, 0D, DC, 61, 44, 00, FF, 83, 0D, E0, 61, 44, 00, FF, FF, 15, C7, BC, 41, 00, 8B, 0D, CD, BC, 41, 00, 89, 08, FF, 15, D5, BC, 41, 00, 8B, 0D, E2, BC, 41, 00, 89, 08, A1, E4, C0, 41, 00, 8B, 00, A3, E4, 61, 44, 00, E8, 11, 01, 00, 00, 39, 1D, 40, 81, 42, 00, 75, 0C, 68, FA, BD, 41, 00, FF, 15, B7, BD...
Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
108 KB (110,592 bytes)

The file 98h7b66gb.exe has been seen being distributed from the following 6 URLs.

http://theme44.ultracom.co.in/system/.../98h7b66gb.exe

Remove 98h7b66gb.exe - Powered by Reason Core Security