ajmewmvvkl.exe

Qt Designer

Digia Plc and/or its subsidiary(-ies)

The executable ajmewmvvkl.exe has been detected as malware by 17 of 68 anti-virus scanners. Its version resource presents it as a Qt Designer setup program (original file name designer.exe, publisher Digia Plc), but the detections describe a dropper/injector carrying the Androm (Andromeda) and IRCBot backdoor families, and the observed behaviour matches that rather than an installer: it runs from the user's Temp directory under a random-looking name and registers a Windows Firewall allowed-program exception for C:\WINDOWS\M-505042360596303803930258603054\winsvc.exe. The file has been seen being downloaded from evaporez.com. While running, it opens a TCP connection to 125.235.4.59 (reverse DNS 125.235.4.59.adsl.viettel.vn, a Viettel consumer ADSL address in Vietnam) on port 5050, a dynamic-IP endpoint consistent with the IRCBot/Androm verdicts and not with a legitimate software download.
Publisher:
Digia Plc and/or its subsidiary(-ies)

Product:
Qt Designer

Version:
1.0.0.0

MD5:
366a3878a2d5a1095cf754d7cbea6d77

SHA-1:
5731c0c2f3a5c75fc2bea86808bf208aacd6fd65

SHA-256:
d2249cb9c7891085db39fd8d571d40616198f106f2f3402af391826d83a9cc93

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
11/5/2024 1:38:13 PM UTC

Scan engine              Detection                       Engine version
Lavasoft Ad-Aware        Gen:Variant.Zusy.168537         5731382
Arcabit                  Trojan.Zusy.D29259              1.0.0.590
avast!                   Win32:Dropper-gen [Drp]         151024-0
AVG                      Inject3                         2016.0.2931
Baidu Antivirus          Backdoor.Win32.Androm           4.0.3.15118
Bitdefender              Gen:Variant.Zusy.168537         1.0.20.1560
Dr.Web                   Trojan.PWS.Siggen1.41536        9.0.1.05190
Emsisoft Anti-Malware    Gen:Variant.Zusy.168537         8.15.11.08.06
ESET NOD32               Win32/Injector.CLWY trojan      7.0.302.0
F-Secure                 Gen:Variant.Zusy.168537         5.15.21
G Data                   Gen:Variant.Zusy.168537         15.11.25
K7 AntiVirus             Trojan                          13.212.17782
Kaspersky                Backdoor.Win32.Androm           15.0.0.562
Malwarebytes             Backdoor.IRCBot                 v2015.11.08.06
MicroWorld eScan         Gen:Variant.Zusy.168537         16.0.0.936
NANO AntiVirus           Trojan.Win32.Androm.dymkky      0.30.26.4437
Qihoo 360 Security       QVM05.1.Malware.Gen             1.0.0.1077

File size:
859.5 KB (880,128 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2015 The Qt Company Ltd.

Original file name:
designer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local Settings\Temp\ajmewmvvkl.exe

File PE Metadata
Compilation timestamp:
10/23/2014 8:49:42 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:p+x9BZJTxEox9OxYwHMmW0GO7vPiY0t5Kab:0d/xupktb

Entry address:
0xA9520

Entry point:
55, 8B, EC, 83, C4, F0, B8, 90, 92, 4A, 00, E8, 4C, D7, F5, FF, A1, B4, 1B, 4B, 00, 8B, 00, E8, 7C, 18, FB, FF, 8B, 0D, 34, 1D, 4B, 00, A1, B4, 1B, 4B, 00, 8B, 00, 8B, 15, B8, 89, 4A, 00, E8, 7C, 18, FB, FF, A1, B4, 1B, 4B, 00, 8B, 00, E8, F0, 18, FB, FF, E8, 77, AF, F5, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++ (as reported by the scanner's compiler heuristic; treat this as unreliable, because linker version 2.25, OS version 4.0 and the entry-point prologue 55 8B EC 83 C4 F0 B8 ... E8 are the usual marks of a Borland/Delphi-linked executable, not of a Visual C++ build)

Code size:
673.5 KB (689,664 bytes)
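The "File PE Metadata" fields above come straight from the PE header and can be reproduced with nothing but the Python standard library. The following is an added example written for this report, not Reason Core Security's code: it reads the COFF and optional headers, maps the entry-point RVA to a file offset through the section table, and returns the same fields the report lists. Because the sample itself is not distributed here, `build_sample()` constructs a minimal PE image that carries the report's header values (timestamp, linker 2.25, OS version 4.0, GUI subsystem, entry RVA 0xA9520, 689,664-byte code size) and the report's first 16 entry-point bytes; the 0x400000 image base and the single .text section are assumptions, since the page gives no section layout. `looks_delphi()` encodes the caveat on the compiler field: linker 2.25 together with the `55 8B EC 83 C4 F0 B8` prologue is the classic Delphi program entry.

```python
"""Minimal PE header reader (added example, not Reason Core Security's code)."""
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def rva_to_offset(sections, rva):
    """Map a virtual address to a file offset via the section table."""
    for _name, va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe(data: bytes, entry_bytes: int = 16) -> dict:
    """Return the header fields a triage report lists for a Win32/Win64 PE."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # OS version and Subsystem sit at the same offsets in PE32 and PE32+.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         va, vsize, raw_ptr, raw_size))
    ep = rva_to_offset(sections, entry_rva)
    return {
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, f"magic {magic:#x}"),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker": f"{lnk_major}.{lnk_minor}",
        "code_size": size_of_code,
        "entry_rva": entry_rva,
        "entry_bytes": data[ep:ep + entry_bytes].hex(" ").upper(),
    }


def looks_delphi(info: dict) -> bool:
    """Heuristic: Borland/Delphi linker stamp plus the classic Delphi entry prologue
    (push ebp; mov ebp,esp; add esp,-0x10; mov eax,imm32; call ...)."""
    return info["linker"] == "2.25" and info["entry_bytes"].startswith("55 8B EC 83 C4 F0 B8")


def build_sample() -> bytes:
    """Constructed PE image carrying this report's header values and its first
    16 entry-point bytes. The 0x400000 image base and the single .text section
    are assumptions; the page does not give the real section layout."""
    ts = int(datetime(2014, 10, 23, 8, 49, 42, tzinfo=timezone.utc).timestamp())
    code_size, text_va, text_raw, entry_rva = 0xA8600, 0x1000, 0x400, 0xA9520
    img = bytearray(text_raw + code_size)
    img[:2] = b"MZ"
    pe = 0x80
    struct.pack_into("<I", img, 0x3C, pe)
    img[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, pe + 4, 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)
    opt = pe + 24
    struct.pack_into("<HBBI", img, opt, 0x10B, 2, 25, code_size)   # PE32, linker 2.25
    struct.pack_into("<I", img, opt + 16, entry_rva)
    struct.pack_into("<I", img, opt + 28, 0x400000)                 # ImageBase (assumed)
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)           # section/file alignment
    struct.pack_into("<HH", img, opt + 40, 4, 0)                    # OS version 4.0
    struct.pack_into("<H", img, opt + 68, 2)                        # Windows GUI
    struct.pack_into("<8sIIII", img, opt + 0xE0,
                     b".text", code_size, text_va, code_size, text_raw)
    ep = entry_rva - text_va + text_raw
    img[ep:ep + 16] = bytes.fromhex("558BEC83C4F0B890924A00E84CD7F5FF")
    return bytes(img)


if __name__ == "__main__":
    info = parse_pe(build_sample())
    for key, value in info.items():
        print(f"{key:12} {value}")
    print("delphi-like:", looks_delphi(info))
```

On a real file, `parse_pe(open(path, "rb").read())` returns the same dictionary; on the constructed sample `looks_delphi()` is true, which is why the "Microsoft Visual C++" attribution above should not be relied on.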

Windows Firewall Allowed Program
Name:
C:\WINDOWS\M-505042360596303803930258603054\winsvc.exe
(The sample registers a firewall exception for a winsvc.exe placed in a randomly numbered M-<digits> directory under the Windows directory. Together with the Temp-directory launch path this is the host indicator worth hunting for, since the Temp file name changes per infection; the avast! Dropper-gen verdict is consistent with the sample writing that file itself.)


The file ajmewmvvkl.exe has been seen being distributed from evaporez.com (the full download URL is not reproduced on this page).

The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:5050)
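The indicators on this page (the three file hashes, the Temp-directory launch path, the winsvc.exe drop under a random M-<digits> folder, the firewall exception and the 125.235.4.59:5050 connection) are most useful once turned into detection logic. The following Python is an added example and not Reason Core Security's code: it parses a handful of constructed host events in a simple key=value line format and reports which indicator each event matches. The event format, the user name and the two benign events are assumptions made for the example; the hash, path and C2 values are copied from the report, and the registry key used for the firewall event is the Windows XP list behind a "Windows Firewall Allowed Program" entry.

```python
"""IOC matcher for this report's indicators, run over constructed host-event
log lines (added example, not Reason Core Security's code)."""
import re

# Indicators taken from the report above.
IOC_HASHES = {
    "md5": "366a3878a2d5a1095cf754d7cbea6d77",
    "sha1": "5731c0c2f3a5c75fc2bea86808bf208aacd6fd65",
    "sha256": "d2249cb9c7891085db39fd8d571d40616198f106f2f3402af391826d83a9cc93",
}
IOC_C2 = ("125.235.4.59", 5050)
# Any .exe launched from a Temp directory: a weak signal on its own.
TEMP_EXE = re.compile(r"\\temp\\[^\\]+\.exe$", re.I)
# winsvc.exe in a randomly numbered M-<digits> folder under the Windows directory.
DROP_PATH = re.compile(r"^c:\\windows\\m-\d+\\winsvc\.exe$", re.I)
# Registry list behind "Windows Firewall Allowed Program" on Windows XP.
FW_LIST_KEY = r"FirewallPolicy\StandardProfile\AuthorizedApplications\List"

# Constructed sample events; user name, event format and the benign events are made up.
SAMPLE_LOG = r"""
event=process_create image="C:\Documents and Settings\alice\Local Settings\Temp\ajmewmvvkl.exe" sha256=d2249cb9c7891085db39fd8d571d40616198f106f2f3402af391826d83a9cc93
event=file_create image="C:\Documents and Settings\alice\Local Settings\Temp\ajmewmvvkl.exe" target="C:\WINDOWS\M-505042360596303803930258603054\winsvc.exe"
event=registry_set image="C:\Documents and Settings\alice\Local Settings\Temp\ajmewmvvkl.exe" key="HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List" value="C:\WINDOWS\M-505042360596303803930258603054\winsvc.exe"
event=network_connect image="C:\Documents and Settings\alice\Local Settings\Temp\ajmewmvvkl.exe" dst=125.235.4.59 dport=5050 proto=tcp
event=network_connect image="C:\Program Files\Internet Explorer\iexplore.exe" dst=192.0.2.10 dport=443 proto=tcp
event=process_create image="C:\Qt\Tools\designer.exe" sha256=0000000000000000000000000000000000000000000000000000000000000000
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> dict:
    """Parse one key=value line; values may be double-quoted to allow spaces."""
    return {k: q or u for k, q, u in KV.findall(line)}


def check_event(ev: dict) -> list:
    """Return the names of the indicator rules an event matches."""
    hits = []
    kind, image = ev.get("event"), ev.get("image", "")
    if kind == "process_create":
        if any(ev.get(algo) == digest for algo, digest in IOC_HASHES.items()):
            hits.append("known_hash")
        if TEMP_EXE.search(image):
            hits.append("exe_from_temp")
    elif kind == "file_create" and DROP_PATH.match(ev.get("target", "")):
        hits.append("winsvc_drop")
    elif kind == "registry_set":
        if ev.get("key", "").endswith(FW_LIST_KEY) and DROP_PATH.match(ev.get("value", "")):
            hits.append("firewall_exception")
    elif kind == "network_connect":
        if (ev.get("dst"), int(ev.get("dport", 0))) == IOC_C2:
            hits.append("c2_connect")
    return hits


def scan(log: str) -> list:
    """Return (line number, rule, image) for every rule hit in the log."""
    alerts = []
    for n, line in enumerate(log.strip().splitlines(), 1):
        ev = parse_event(line)
        alerts.extend((n, rule, ev.get("image", "")) for rule in check_event(ev))
    return alerts


if __name__ == "__main__":
    for n, rule, image in scan(SAMPLE_LOG):
        print(f"line {n}: {rule:18} {image}")
```

The `exe_from_temp` rule fires on plenty of legitimate installers, so on its own it is triage context rather than an alert; the hash, the M-<digits>\winsvc.exe path, the firewall-list write and the 125.235.4.59:5050 connection are the matches that justify pulling the host.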

Remove ajmewmvvkl.exe - Powered by Reason Core Security