chad.exe

The executable chad.exe has been detected as malware by 13 of 68 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from northstar-tg.com.
MD5:
f3d39015a7b33f2e5207c144730a18fa

SHA-1:
cdbf00e17fa5572a970e8497d01c25d6c153339b

SHA-256:
9ab9332cb71ae98462280fdb6f60d19e6bf6b0843748c78e31da973f33f321f6

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
1/11/2025 11:39:19 PM UTC

Scan engine              Detection                                     Engine version
Baidu Antivirus          HackTool.Win32.WinVNC                         4.0.3.151212
Bkav FE                  W32.Clod824.Trojan                            1.3.0.4959
Comodo Security          UnclassifiedMalware                           17890
Dr.Web                   BACKDOOR.Trojan                               9.0.1.0346
K7 AntiVirus             Riskware                                      13.176.11351
Kaspersky                not-a-virus:RemoteAdmin.Win32.WinVNC-based    14.0.0.981
McAfee                   Artemis!F3D39015A7B3                          5600.6553
NANO AntiVirus           Trojan.Win32.Generic.bvvhil                   0.28.0.58101
Rising Antivirus         PE:Trojan.Win32.Generic.1261AC4E!308390990    23.00.65.151210
SUPERAntiSpyware         Trojan.Agent/Gen-Injector                     9451
Trend Micro House Call   TROJ_GEN.R0CBH05L913                          7.2.346
Vba32 AntiVirus          Trojan.VB.Nop.ve                              3.12.24.3
VIPRE Antivirus          Trojan.Win32.Generic                          27106

File size:
309.3 KB (316,750 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\chad.exe

File PE Metadata
Compilation timestamp:
4/18/2005 3:51:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:sQ2qcI9v1E0/Vxu1g+a/ko/+ymQVtWphD+iLiZqY+BUoEBEjMcWw:lB1Fu1gFZIQVspzBpBUo/j9

Entry address:
0x1CE60

Entry point:
60, BE, 00, 30, 41, 00, 8D, BE, 00, E0, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...

Entropy:
7.9824

Packer / compiler:
UPX 2.90LZMA

Code size:
40 KB (40,960 bytes)

The file chad.exe has been seen being distributed from northstar-tg.com.
