act.exe

Project1

noOrg

The executable act.exe has been detected as malware by 6 anti-virus scanners.
Publisher:
noOrg

Product:
Project1

Version:
1.00

MD5:
92f9a4332edb4f51f00c9f1bea34e918

SHA-1:
2bb96dcc0f00257a9c422047c9f5e4ec4e603461

SHA-256:
a37b16222a2031375eb1f99c0040c16372b3b32e528d01178b0420cd75c51558

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/25/2024 3:48:19 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/VB.Downloader.Gen | 8.3.3.4
Baidu Antivirus | Win32.Trojan.WisdomEyes.16070401.9500 | 4.0.3.17125
ESET NOD32 | Win32/TrojanDownloader.VB.RAA (variant) | 11.14828
Rising Antivirus | Malware.Generic!jXJajm1k06P@5 (thunder) | 23.00.65.17123
SUPERAntiSpyware | Trojan.Agent/Gen-Faker | 8632
Vba32 AntiVirus | SScope.Malware-Cryptor.VBCR.1841 | 3.12.26.4

File size:
64 KB (65,536 bytes)

Product version:
1.00

Original file name:
act.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\act.exe

File PE Metadata
Compilation timestamp:
1/25/2017 5:26:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1158

Entry point:
68, FC, 58, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 50, 00, 00, 00, 40, 00, 00, 00, 65, 38, F9, EC, 87, A6, 15, 46, A0, BB, 06, 41, ED, 16, 29, A0, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 54, 65, 61, 6D, 56, 69, 65, 77, 00, ED, 17, 03, 00, 00, 00, 00, 54, 65, 61, 6D, 56, 69, 65, 77, 57, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 05, B7, 51, C7, 94, D9, 04, 0E, 43, 91, FB, 31, 25, D9, 5A, 04, 8C, 32, 82, F6, DA, 95, 73, A6, 47, B0, E5, A5...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
40 KB (40,960 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s215.web-hosting.com  (198.54.114.222:80)

TCP (HTTP):
Connects to iad23s42-in-f100.1e100.net  (216.58.217.100:80)

TCP (HTTP):
Connects to iad23s40-in-f228.1e100.net  (216.58.218.228:80)
