codecx_setup.exe

The executable codecx_setup.exe has been detected as malware by 6 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘NetworkInformer’. The file has been seen being downloaded from freecodecupdate.3utilities.com.
MD5:
32afcd603dca1f16e74119c43063468c

SHA-1:
52674acb906eece6afc6268a330b191a7a5c93ae

SHA-256:
916f955fe94c76b83730c6a4d3bb6bac3bb2969d30ac8d86753b306b8ad7ae43

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/24/2024 5:50:26 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Win32.HLLW.Autoruner2.24532
9.0.1.05190

ESET NOD32
Win32/Injector.DAUM trojan
8.0.319.0

F-Secure
Trojan.GenericKD.3343147
5.15.96

Kaspersky
Backdoor.Win32.Hlux
15.0.0.562

McAfee
Trojan.PWSZbot-FASL!32AFCD603DCA
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.223.2606.0

File size:
1.1 MB (1,105,305 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\codecx_setup.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

CTPH (ssdeep):
24576:tguwgMvZ9igeGTEZPeykA2nPfEVmm2e7bTu1:tviZTevWyamR7u1

Entry address:
0x5C30

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F8, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, AB, 00...
 
[+]

Code size:
36 KB (36,865 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
NetworkInformer

Command:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\codecx_setup.exe


The file codecx_setup.exe has been seen being distributed by the following URL.

Remove codecx_setup.exe - Powered by Reason Core Security