actionhack.exe

GoogleUpdater

The executable actionhack.exe has been detected as malware by 25 anti-virus scanners. It is a setup program used to install the application. The file has been seen downloaded from s5.dosya.tc.
Product:
GoogleUpdater

Version:
1.00.0003

MD5:
0f9d9991812b491ee2495f398b550745

SHA-1:
3ef1f1f4a2944496c5b3ae2f28917ed2faf4499c

SHA-256:
9becad4a7443058d7703d28b45cd26e2cb926b253c9ab82a57b3f4ee0bdbdb2d

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
1/13/2025 6:04:25 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.3250847 | 230 |
| AegisLab AV Signature | Backdoor.W32.Darkkomet!c | 2.1.4+ |
| Avira AntiVirus | TR/AD.Hakops.Y.soxw | 8.3.3.4 |
| Arcabit | Trojan.Generic.D319A9F | 1.0.0.688 |
| avast! | Win32:Malware-gen | 2014.9-160618 |
| AVG | Crypt_vb | 2017.0.2708 |
| Bitdefender | Trojan.GenericKD.3250847 | 1.0.20.850 |
| Emsisoft Anti-Malware | Trojan.GenericKD.3250847 | 8.16.06.18.12 |
| ESET NOD32 | Win32/Injector.CYZJ (variant) | 10.13554 |
| Fortinet FortiGate | W32/DarkKomet.GUHY!tr.bdr | 6/18/2016 |
| F-Secure | Trojan.GenericKD.3250847 | 11.2016-18-06_7 |
| G Data | Trojan.GenericKD.3250847 | 16.6.25 |
| IKARUS anti.virus | Trojan.Crypt | t3scan.2.0.9.0 |
| K7 AntiVirus | Riskware | 13.226.19727 |
| Kaspersky | Backdoor.Win32.DarkKomet | 14.0.0.37 |
| McAfee | Artemis!0F9D9991812B | 5600.6364 |
| Microsoft Security Essentials | Trojan:Win32/Dynamer!ac | 1.1.12804.0 |
| MicroWorld eScan | Trojan.GenericKD.3250847 | 17.0.0.510 |
| nProtect | Trojan.GenericKD.3250847 | 16.05.27.01 |
| Panda Antivirus | Trj/CI.A | 16.06.18.12 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | Backdoor.DarkKomet!8.13E-FNDm9FhlRFI (Cloud) | 23.00.65.16616 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R00JC0DEP16 | 10.465.18 |
| VIPRE Antivirus | Trojan.Win32.Generic | 49654 |

File size:
1.2 MB (1,216,512 bytes)

Product version:
1.00.0003

Original file name:
GoogleUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\actionhack.exe

File PE Metadata
Compilation timestamp:
5/17/2016 8:02:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:xPev6OcappRyMns1R7tTDRFwJikJswjIWz:Jev6OcaC1XTDrGN

Entry address:
0x5288

Entry point:
68, D4, 5B, 40, 00, E8, EE, FF, FF, FF, 00, 00, FF, CC, 31, 00, 00, E0, F0, BB, 3C, 89, 01, AD, 47, B8, E9, 2E, 33, 12, 2A, 90, 24, C0, 86, 2F, 48, 7B, 0E, 31, 42, A6, 52, 51, 16, 22, 6A, F9, 93, 72, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4E, 00, 00, 00, 49, 00, 00, 00, 00, 08, 00, 79, 75, 39, 32, 79, 75, 30, 37, 00, 14, 01, 08, 00, 79, 75, 39...
 

Code size:
1 MB (1,089,536 bytes)

The file actionhack.exe has been seen being distributed by the following URL.

Remove actionhack.exe - Powered by Reason Core Security