araraq.exe

Yahoo! Messenger

The executable araraq.exe has been detected as malware by 2 of 68 anti-virus scanners. It is configured to start automatically when the user logs into Windows, via the current-user Run registry key, under the display name ‘{305EE67D-6CF3-BDB2-9964-7A4CA284D5DB}’.
Publisher:
Yahoo! Inc.*  (Invalid match)

Product:
Yahoo! Messenger

Version:
11,5,0,0228

MD5:
6e77e30c1f673b54e13a5b0b635dea9b

SHA-1:
2f559b52d82ef4f172c8064387db8e9ec9999e26

SHA-256:
063f2d712d6e6e5621c07af148e46e8807755e155dbbd4c39e8f4ac2dc1cb015

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
4/1/2025 8:08:45 PM UTC

Scan engine    Detection                   Engine version
Dr.Web         Trojan.PWS.Stealer.13336    9.0.1.05190
ESET NOD32     MSIL/Injector.KDE trojan    6.3.12010.0

File size:
380.5 KB (389,632 bytes)

Product version:
11,5,0,0228

Copyright:
(c) 1998-2012 Yahoo! Inc. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\atwu\araraq.exe

File PE Metadata
Compilation timestamp:
6/9/2015 7:24:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x32DEE


Entropy:
6.8394

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
196 KB (200,704 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
{305EE67D-6CF3-BDB2-9964-7A4CA284D5DB}

Command:
"C:\users\{user}\appdata\roaming\atwu\araraq.exe"


Remove araraq.exe - Powered by Reason Core Security