acpu.exe

isfast

The executable acpu.exe has been detected as malware by 3 of the 68 anti-virus scanners queried. It is set to start automatically whenever a user logs into Windows, via the current-user Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name 'acpu.exe'. While running, it connects to 65-254-227-224.yourhostingaccount.com (65.254.227.224) on TCP port 80 using HTTP. The publisher name in its version information reads "Microsoft", but that claim is not backed by a valid signature (see Publisher below).
Publisher:
Microsoft*  (Invalid match: the publisher name is claimed in the file's version information but is not verified by a valid digital signature)

Product:
isfast

Version:
1.00

MD5:
e55b2dc9739b4fd1af030b62bb1db821

SHA-1:
b4e860b053b286bcd0fb96034e06f7bc8d2fabc6

SHA-256:
52f66fa6dba629fe215d384db7ae5327269b7e87f43b7d6389bf17a317b14ee8

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/24/2024 4:01:16 AM UTC

Scan engine    Detection                            Engine version
avast!         Win32:Malware-gen                    160917-0
ESET NOD32     Win32/TrojanClicker.VB.OIY trojan    6.3.12010.0
F-Secure       Trojan.Heur.VP2.Om0@ae9DNYgi         5.15.154

File size:
652 KB (667,648 bytes)

Product version:
1.00

Original file name:
acpu.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\win32\acpu.exe

File PE Metadata
Compilation timestamp:
8/11/2016 4:31:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1410

Entry point:
68, 38, B8, 49, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 68, 00, 00, 00, 38, 00, 00, 00, 5E, B5, 96, E2, A7, CF, 2D, 4A, 8A, 59, 33, CA, 26, AF, 33, FB, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 61, 61, 00, 30, 30, 30, 30, 30, 79, 6F, 75, 20, 63, 61, 6E, 20, 73, 65, 65, 20, 69, 6E, 74, 65, 72, 6E, 65, 74, 20, 77, 69, 74, 68, 20, 20, 61, 20, 6C, 6F, 74, 20, 6F, 66, 20, 62, 65, 6E, 65, 66, 69, 74, 00, 4F, 4C, 45, 20, 00, 00, 00, 00, FF, CC, 31, 00, 07, 72, 97, B8...

Entropy:
7.8615

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
632 KB (647,168 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
acpu.exe

Command:
C:\windows\win32\acpu.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 65-254-227-224.yourhostingaccount.com  (65.254.227.224:80)
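The indicators on this page (the three file hashes, the Run-key value and command, the C:\windows\win32 path, the entry-point byte dump and the contact host) can be turned into an offline triage check. The Python script below is an added example written for this page; it is not code from Reason Core Security and not part of acpu.exe. It parses the entry-point hex listing above, decodes the push/call pair at its start (the stub that Visual Basic 5/6 executables begin with, consistent with the "Developed / compiled with" field), pulls out the readable strings embedded in the dump, computes the Shannon entropy that the report's 7.8615 figure refers to, and matches a file's digests, a Run-key export and a connection target against the listed indicators. SAMPLE_RUN_VALUES is constructed sample data, not an export from an infected host.

```python
"""Offline triage helpers built from the acpu.exe indicators in the report above.

Added example for this page; not code from Reason Core Security or from the sample.
"""
import hashlib
import math
import re
import string

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "e55b2dc9739b4fd1af030b62bb1db821",
    "sha1": "b4e860b053b286bcd0fb96034e06f7bc8d2fabc6",
    "sha256": "52f66fa6dba629fe215d384db7ae5327269b7e87f43b7d6389bf17a317b14ee8",
}
IOC_PATH = r"C:\windows\win32\acpu.exe"  # stock Windows creates no \windows\win32 directory
IOC_RUN_VALUE = "acpu.exe"               # value name under HKCU\...\CurrentVersion\Run
IOC_NETWORK = {"65-254-227-224.yourhostingaccount.com", "65.254.227.224"}

# Entry-point bytes exactly as dumped in the report (the trailing "..." marks its cut-off).
ENTRY_POINT_LISTING = """
68, 38, B8, 49, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 68, 00, 00, 00,
38, 00, 00, 00, 5E, B5, 96, E2, A7, CF, 2D, 4A, 8A, 59, 33, CA, 26, AF, 33, FB, 00, 00, 00, 00,
00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 61, 61, 00, 30, 30, 30, 30, 30, 79, 6F, 75, 20,
63, 61, 6E, 20, 73, 65, 65, 20, 69, 6E, 74, 65, 72, 6E, 65, 74, 20, 77, 69, 74, 68, 20, 20, 61,
20, 6C, 6F, 74, 20, 6F, 66, 20, 62, 65, 6E, 65, 66, 69, 74, 00, 4F, 4C, 45, 20, 00, 00, 00, 00,
FF, CC, 31, 00, 07, 72, 97, B8...
"""

# Constructed sample of a Run-key export (value name -> command); not from a real host.
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "acpu.exe": r"C:\windows\win32\acpu.exe",
}


def parse_byte_listing(listing: str) -> bytes:
    """Turn the comma-separated hex dump from the report into raw bytes."""
    return bytes(int(tok, 16) for tok in re.findall(r"\b[0-9A-Fa-f]{2}\b", listing))


def describe_entry_stub(ep: bytes) -> str:
    """Decode the first two instructions. VB5/VB6 programs start with
    'push <address of the VB header>; call ThunRTMain' (via the import thunk)."""
    if len(ep) < 10 or ep[0] != 0x68 or ep[5] != 0xE8:
        return "not the push/call VB runtime stub"
    pushed = int.from_bytes(ep[1:5], "little")
    return f"push 0x{pushed:08X}; call rel32 (VB runtime stub)"


def printable_strings(data: bytes, min_len: int = 4) -> list:
    """Extract runs of printable ASCII, like the `strings` tool, to surface embedded text."""
    printable = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")
    runs, current = [], bytearray()
    for b in data:
        if b in printable:
            current.append(b)
            continue
        if len(current) >= min_len:
            runs.append(current.decode("ascii"))
        current = bytearray()
    if len(current) >= min_len:
        runs.append(current.decode("ascii"))
    return runs


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0. Values close to 8 over a whole file (the report's 7.86)
    point to packed, compressed or encrypted content; plain VB6 code is typically lower."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def digest_file_bytes(data: bytes) -> dict:
    """Digests in the same three algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matching_hash_algorithms(digests: dict) -> list:
    """Which of a file's digests equal the report's indicators."""
    return [alg for alg, h in digests.items() if IOC_HASHES.get(alg) == h.lower()]


def _executable(command: str) -> str:
    """Path of the program a Run-key command launches (quoted or first token)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return command.split()[0]


def flag_run_entries(run_values: dict) -> list:
    """Value names in a Run-key export that match the report's persistence entry."""
    hits = []
    for name, command in run_values.items():
        exe = _executable(command).lower()
        if (name.lower() == IOC_RUN_VALUE or exe == IOC_PATH.lower()
                or exe.startswith("c:\\windows\\win32\\")):
            hits.append(name)
    return hits


def flag_connection(host: str) -> bool:
    """True when a proxy or DNS log entry names the report's contact host or its IP."""
    return host.strip().lower().rstrip(".") in IOC_NETWORK


if __name__ == "__main__":
    ep = parse_byte_listing(ENTRY_POINT_LISTING)
    print(len(ep), "entry-point bytes:", describe_entry_stub(ep))
    print("embedded strings:", printable_strings(ep))
    print("entropy of the dump: %.3f bits/byte" % shannon_entropy(ep))
    print("Run-key hits:", flag_run_entries(SAMPLE_RUN_VALUES))
    print("contacts C2 host:", flag_connection("65-254-227-224.yourhostingaccount.com"))
```

To run this against a real host, pass `digest_file_bytes(open(path, "rb").read())` to `matching_hash_algorithms`, build the Run-key dictionary from `reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` or PowerShell `Get-ItemProperty`, and feed hostnames from proxy or DNS logs to `flag_connection`. Note that the entropy of the 128-byte dump is only an illustration of the calculation; the report's 7.8615 is measured over the whole 667,648-byte file, and the 32 zero bytes in this small window pull its value well below that.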

Remove acpu.exe - Powered by Reason Core Security