» bvycd.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (1)

bvycd.exe

Xplayer

Zaid Markabi

The executable bvycd.exe has been detected as malware by 6 anti-virus scanners. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WindowsApp.exe’. The file has been seen being downloaded from ddl3.data.hu.

File name:

bvycd.exe

Publisher:

Zaid Markabi

Product:

Xplayer

Version:

1.00

MD5:

2461c5c6594f3f2a46fb0b52f1f498a8

SHA-1:

8410c343658d9b8df989c8251d09c8b2e5e5b68c

SHA-256:

f1711cce9ff826ab87332492a2ff16ec4a3bea6baa05b8fe713de51fccae8266

Scanner detections:

6 / 68

Status:

Malware

Analysis date:

11/24/2024 9:33:53 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Troj.W32.Gen

2.1.4+

Baidu Antivirus

Win32.Trojan.WisdomEyes.151026.9950

4.0.3.16324

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.468

Panda Antivirus

Generic Suspicious

16.03.24.10

Qihoo 360 Security

QVM03.0.Malware.Gen

1.0.0.1120

Rising Antivirus

PE:Malware.RDM.35!5.29 [F]

23.00.65.16322

File size:

543.5 KB (556,581 bytes)

Product version:

1.00

Original file name:

chofkata.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\bvycd.exe

File PE Metadata

Compilation timestamp:

3/20/2016 7:20:37 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:z6GNu3SvZCDrugeQQfzAqybguOQcqtctJd7G:z6GNu3SxCOgeQQfrybguObISv6

Entry address:

0x18A4

Entry point:

68, E8, 19, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 7F, A6, 9F, 87, 7C, E0, 3C, 48, A7, 50, 4A, 26, 36, 80, 49, 54, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 87, 7A, 00, 00, 00, 80, 58, 70, 6C, 61, 79, 65, 72, 00, 00, 00, 00, 00, FF, CC, 31, 00, 00, CC, 3A, CA, 37, 5D, 92, CB, 45, B2, 88, 42, 9A, 90, 01, C6, 87, 36, B9, AE, 32, B9, B5, 46, 41, B4, 76, BE, BA, 49, A6, 4B, 28, 72, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

136 KB (139,264 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

WindowsApp.exe

Command:

C:\users\{user}\appdata\roaming\windowsapp\windowsapp.exe

The file bvycd.exe has been seen being distributed by the following URL.

http://ddl3.data.hu/get/0/.../crt66.exe

Remove bvycd.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.