axqqaovu.exe

StproW

The application axqqaovu.exe has been detected as a potentially unwanted program by 9 anti-malware scanners.
Product:
StproW

Version:
1.0.7.0

MD5:
126194401f6aa0a6009a4a1eaed108a1

SHA-1:
a40cf655b79437ac207e29d0184933a9380c666b

SHA-256:
779fb58115b281bfd62b73ec5e37e6f7ca0a1603a6f4a104646d08cc2e81c416

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:38:25 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Smartbar.AD
558

Arcabit
Adware.Smartbar.AD
1.0.0.425

AVG
Generic6
2016.0.3036

Bitdefender
Adware.Smartbar.AD
1.0.20.1040

Emsisoft Anti-Malware
Adware.Smartbar.AD
8.15.07.27.02

ESET NOD32
Detection.Undefined
7.0.302.0

F-Secure
Adware.Smartbar.AD
11.2015-27-07_2

G Data
Win32.Application.SmartBar
15.7.25

MicroWorld eScan
Adware.Smartbar.AD
16.0.0.624

File size:
440 KB (450,560 bytes)

Product version:
1.0.7.0

Copyright:
Copyright © 2014

Original file name:
StproW.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\apptext\axqqaovu.exe

File PE Metadata
Compilation timestamp:
6/22/2015 4:38:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:MEfa3aWomT4sJayjxigdDc9qC0YDS/piUOeON52Pzbt7I3bqMSJMTNNgFsLG:E3j7csJayjxjdDchKm2PNsLQJuzo

Entry address:
0x6E86A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.8898

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
434.5 KB (444,928 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to yv-in-f104.1e100.net  (74.125.21.104:80)

TCP (HTTP):
Connects to ec2-54-83-201-51.compute-1.amazonaws.com  (54.83.201.51:80)

TCP (HTTP):
Connects to a23-58-224-226.deploy.static.akamaitechnologies.com  (23.58.224.226:80)

Remove axqqaovu.exe - Powered by Reason Core Security