_alcohol.exe

The executable _alcohol.exe has been detected as malware by 18 anti-virus scanners. While running, it connects to the Internet address vodka2.alcohol-soft.com on port 80 using the HTTP protocol.
MD5:
6a031ef2939f67e33759447ce70b6c52

SHA-1:
da44e91c886c9f5f61a3f29a86fa61eb2be10e22

Scanner detections:
18 / 68

Status:
Malware

Analysis date:
11/23/2024 10:32:26 AM UTC

Scan engine           | Detection                        | Engine version
AhnLab V3 Security    | Malware/Win32.Trojan Horse       | 2013.01.02
Bitdefender           | Trojan.Generic.3217290           | 1.0.20.940
Comodo Security       | TrojWare.Win32.Trojan.Agent.~ICX | 14753
Emsisoft Anti-Malware | Trojan.Generic.3217290           | 8.14.07.07.03
F-Prot                | W32/Trojan2.HDMJ                 | v6.4.6.5.141
F-Secure              | Trojan.Generic.3217290           | 11.2014-07-07_2
G Data                | Trojan.Generic.3217290           | 14.7.22
IKARUS anti.virus     | Trojan.Win32.Horse               | t3scan.1.1.122.0
K7 AntiVirus          | Trojan                           | 13.155.8058
Malwarebytes          | Trojan.Agent                     | v2014.07.07.03
McAfee                | Generic.dx!vok                   | 5600.7077
MicroWorld eScan      | Trojan.Generic.3217290           | 15.0.0.564
Norman                | W32/Suspicious_Gen2.WOQN         | 11.20140707
nProtect              | Trojan.Generic.3217290           | 13.01.01.01
Panda Antivirus       | Trj/CI.A                         | 14.07.07.03
Quick Heal            | Trojan.Agent.ng                  | 7.14.12.00
SUPERAntiSpyware      | Trojan.Agent/Gen-IRCbot          | 10499
VIPRE Antivirus       | Trojan.Win32.Generic             | 14786

File size:
8.5 KB (8,704 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\thinstall\{e9f81423-211e-46b6-9ae0-38568bc5cf6f}\40000060300002h\_alcohol.exe

File PE Metadata
Compilation timestamp:
4/12/2007 12:00:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
96:D6Qu9Y1fjLFOjviacgyw8bH5ToUsQj83W0Z/IW6n/ZwxY2655qyol7/:Dy9qjATiaPyN2fVIXnxwxYb507

Entry address:
0x1F26

Entry point:
9C, 60, 68, 53, 74, 41, 6C, 68, 54, 68, 49, 6E, E8, 00, 00, 00, 00, 58, BB, 37, 1F, 00, 00, 2B, C3, 50, 68, 00, 00, 40, 00, 68, 00, 2C, 00, 00, 68, 04, 01, 00, 00, E8, BA, FE, FF, FF, E9, 90, FF, FF, FF, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 83, C4, F4, FC, 53, 57, 56, 8B, 75, 08, 8B, 7D, 0C, C7, 45, FC, 08, 00, 00, 00, 33, DB, BA, 00, 00, 00, 80, 43, 33, C0, E8, 19, 01, 00, 00, 73, 0E, 8B, 4D, F8, E8, 27, 01, 00, 00, 02, 45, F7, AA, EB, E9, E8, 04, 01, 00, 00, 0F, 82, 96, 00, 00, 00, E8, F9, 00, 00, 00...
Code size:
7.5 KB (7,680 bytes)

While running, the file has been observed making the following network connection in live environments.

TCP (HTTP):
Connects to vodka2.alcohol-soft.com (95.211.206.2:80)