cl_2_eng.exe

The executable cl_2_eng.exe has been detected as malware by 39 anti-virus scanners. While running, it connects to the Internet address impossiblecreatures.ca on port 80 using the HTTP protocol.
MD5: c744eb34da84f4a1ec818b4f18b178e3
SHA-1: 7e4b4feeb3b52b8dee916c53abe2c510415dda2d
SHA-256: 2432082f72585075ef6a8b434b00aa5cd5ffaf089418b90c6b63b4b940b91e89

Scanner detections: 39 / 68
Status: Malware
Analysis date: 12/28/2024 8:38:50 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Worm.Generic.357537 | 958 |
| Agnitum Outpost | Worm.AutoRun | 7.1.1 |
| AhnLab V3 Security | Worm/Win32.AutoRun | 2014.06.22 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172 |
| avast! | Win32:Trojan-gen | 140617-1 |
| AVG | Found Win32/DH{gRKBE3k2Aw9 ICIjJU4} | 2014.0.3972 |
| Bitdefender | Worm.Generic.357537 | 1.0.20.860 |
| Bkav FE | W32.OnGamesLT031012KGHN | 1.3.0.4959 |
| Clam AntiVirus | Worm.Autorun-9877 | 0.98/21411 |
| Comodo Security | TrojWare.Win32.Kryptik.VARA | 18624 |
| Dr.Web | Win32.HLLW.Autoruner1.889 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Worm.Generic.357537 | 8.14.06.21.11 |
| ESET NOD32 | Win32/Agent.NJO worm | 7.0.302.0 |
| Fortinet FortiGate | W32/Autorun.CXP!tr | 6/21/2014 |
| F-Prot | W32/Bifrost.AF.gen | 4.6.5.141 |
| F-Secure | Worm.Generic.357537 | 11.2014-21-06_7 |
| G Data | Worm.Generic.357537 | 14.6.24 |
| IKARUS anti.virus | Trojan.Win32.Finodes | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12484 |
| Kaspersky | Worm.Win32.AutoRun | 15.0.0.463 |
| Malwarebytes | Worm.Autorun | v2014.06.21.11 |
| McAfee | W32/Autorun.worm.ht | 5600.7092 |
| Microsoft Security Essentials | Threat.Undefined | 1.177.411.0 |
| NANO AntiVirus | Trojan.Win32.AutoRun.rfaml | 0.28.0.60253 |
| Norman | FakeFolder.A | 11.20140621 |
| nProtect | Worm.Generic.357537 | 14.06.20.01 |
| Panda Antivirus | Generic Malware | 14.06.21.11 |
| Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Finodes.BB5 | 6.14.14.00 |
| Rising Antivirus | PE:Malware.FakeFolder@CV!1.6ABC | 23.00.65.14619 |
| Sophos | Mal/Behav-043 | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FolderCon | 10529 |
| Total Defense | Win32/FakeFLDR_i | 37.0.11013 |
| Trend Micro House Call | Mal_OtorunN | 7.2.172 |
| Trend Micro | Mal_OtorunN | 10.465.21 |
| Vba32 AntiVirus | Worm.AutoRun.cxps | 3.12.26.3 |
| VIPRE Antivirus | Threat.4657539 | 29708 |
| ViRobot | Worm.Win32.A.AutoRun.117760.W | 2011.4.7.4223 |
| Zillya! Antivirus | Worm.AutoRun.Win32.46218 | 2.0.0.1833 |

File size: 216 KB (221,184 bytes)
File type: Executable application (Win64 EXE)

File PE Metadata
OS bitness: Win64
CTPH (ssdeep): 1536:L++fq6M5b9NqTxV67wAInyAeG+90MHJaOsp1gMIEELZ2G6CNgRtOOOOOOOOEQ6:L++VMoTxyi9e7O1IXLoSWRq
Entry point: E8, 83, 27, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, AD, 41, 00, 89, 0D, 74, AD, 41, 00, 89, 15, 70, AD, 41, 00, 89, 1D, 6C, AD, 41, 00, 89, 35, 68, AD, 41, 00, 89, 3D, 64, AD, 41, 00, 66, 8C, 15, 90, AD, 41, 00, 66, 8C, 0D, 84, AD, 41, 00, 66, 8C, 1D, 60, AD, 41, 00, 66, 8C, 05, 5C, AD, 41, 00, 66, 8C, 25, 58, AD, 41, 00, 66, 8C, 2D, 54, AD, 41, 00, 9C, 8F, 05, 88, AD, 41, 00, 8B, 45, 00, A3, 7C, AD, 41, 00, 8B, 45, 04, A3, 80, AD, 41, 00, 8D, 45, 08, A3, 8C, AD, 41...

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to impossiblecreatures.ca  (207.46.197.32:80)
