ajmewmvvkl.exe

Qt Designer

Digia Plc and/or its subsidiary(-ies)

The executable ajmewmvvkl.exe has been detected as malware by 17 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from evaporez.com. While running, it connects to the Internet address 125.235.4.59.adsl.viettel.vn on port 5050.
Publisher:
Digia Plc and/or its subsidiary(-ies)

Product:
Qt Designer

Version:
1.0.0.0

MD5:
366a3878a2d5a1095cf754d7cbea6d77

SHA-1:
5731c0c2f3a5c75fc2bea86808bf208aacd6fd65

SHA-256:
d2249cb9c7891085db39fd8d571d40616198f106f2f3402af391826d83a9cc93

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
12/25/2024 12:59:29 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.168537
5731382

Arcabit
Trojan.Zusy.D29259
1.0.0.590

avast!
Win32:Dropper-gen [Drp]
151024-0

AVG
Inject3
2016.0.2931

Baidu Antivirus
Backdoor.Win32.Androm
4.0.3.15118

Bitdefender
Gen:Variant.Zusy.168537
1.0.20.1560

Dr.Web
Trojan.PWS.Siggen1.41536
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Zusy.168537
8.15.11.08.06

ESET NOD32
Win32/Injector.CLWY trojan
7.0.302.0

F-Secure
Gen:Variant.Zusy.168537
5.15.21

G Data
Gen:Variant.Zusy.168537
15.11.25

K7 AntiVirus
Trojan
13.212.17782

Kaspersky
Backdoor.Win32.Androm
15.0.0.562

Malwarebytes
Backdoor.IRCBot
v2015.11.08.06

MicroWorld eScan
Gen:Variant.Zusy.168537
16.0.0.936

NANO AntiVirus
Trojan.Win32.Androm.dymkky
0.30.26.4437

Qihoo 360 Security
QVM05.1.Malware.Gen
1.0.0.1077

File size:
859.5 KB (880,128 bytes)

Product version:
1.0.0.0

Copyright:
Copyright (C) 2015 The Qt Company Ltd.

Original file name:
designer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temp\ajmewmvvkl.exe

File PE Metadata
Compilation timestamp:
10/23/2014 8:49:42 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:p+x9BZJTxEox9OxYwHMmW0GO7vPiY0t5Kab:0d/xupktb

Entry address:
0xA9520

Entry point:
55, 8B, EC, 83, C4, F0, B8, 90, 92, 4A, 00, E8, 4C, D7, F5, FF, A1, B4, 1B, 4B, 00, 8B, 00, E8, 7C, 18, FB, FF, 8B, 0D, 34, 1D, 4B, 00, A1, B4, 1B, 4B, 00, 8B, 00, 8B, 15, B8, 89, 4A, 00, E8, 7C, 18, FB, FF, A1, B4, 1B, 4B, 00, 8B, 00, E8, F0, 18, FB, FF, E8, 77, AF, F5, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
673.5 KB (689,664 bytes)

Windows Firewall Allowed Program
Name:
C:\WINDOWS\M-505042360596303803930258603054\winsvc.exe


The file ajmewmvvkl.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:5050)

Remove ajmewmvvkl.exe - Powered by Reason Core Security