checker domzone.exe

Source domzone

The executable checker domzone.exe has been detected as malware by 8 anti-virus scanners. It is a setup program used to install the application. The file has been seen downloaded from dc626.4shared.com.
Product:
Source domzone

Version:
1.0.0.0

MD5:
65bdcceef7e7413723b22e95856b27dc

SHA-1:
96c0514f81e47971e6edca1d92b2b3c2a7bfaf92

SHA-256:
1f6401d4e004e2944674ea8ea102800e80864c17fbd82c4e13bdd2ff1ed94de3

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
11/23/2024 10:04:05 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Razy.33119 | 239 |
| Arcabit | Trojan.Razy.D815F | 1.0.0.672 |
| Bitdefender | Gen:Variant.Razy.33119 | 1.0.20.810 |
| Emsisoft Anti-Malware | Gen:Variant.Razy.33119 | 8.16.06.10.08 |
| F-Secure | Gen:Variant.Razy.33119 | 11.2016-10-06_6 |
| G Data | Gen:Variant.Razy.33119 | 16.6.25 |
| MicroWorld eScan | Gen:Variant.Razy.33119 | 17.0.0.486 |
| Qihoo 360 Security | HEUR/QVM03.0.0000.Malware.Gen | 1.0.0.1120 |

File size:
398.5 KB (408,064 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Source domzone.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\checker domzone.exe

File PE Metadata
Compilation timestamp:
2/18/2016 5:09:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:LpL8mwOdc4S6QnMiFqSpL8mwOdc4S6QnMiFqypJadRo2a0uD:dRwOdc4S6q/qkRwOdc4S6q/qyLa

Entry address:
0x620FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
384.5 KB (393,728 bytes)

The file checker domzone.exe has been seen being distributed by the following URL.
