cweoedy.exe

The executable cweoedy.exe has been detected as malware by 3 anti-virus scanners. While running, it connects to the Internet address ip-184-168-221-60.ip.secureserver.net on port 5190.

MD5: 8c6cde47cea77e15e73a9afe303f12f3

SHA-1: ed7543f2e299761b1782cc375bfd753b521fd564

SHA-256: 48ce4582f388d554b8a4b23d8f7f3c4c98d89d60af3a95dc8bb52073f2f477d3

Scanner detections: 3 / 68

Status: Malware

Analysis date: 11/23/2024 9:31:02 AM UTC

Scan engine | Detection | Engine version
Emsisoft Anti-Malware | Gen:Variant.Barys.52093 | 10.0.0.5735
ESET NOD32 | MSIL/Injector.OOF trojan | 8.0.319.0
F-Secure | Variant.Barys.52093 | 5.15.96

File size: 88.5 KB (90,624 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\appdata\roaming\cweoedy.exe

File PE Metadata

Compilation timestamp: 3/29/2016 1:21:38 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 6.0

.NET CLR dependent: Yes

CTPH (ssdeep): 1536:fkcSpky3nmxfeKECOIKCBRilUTOOLcKcd4LwFHM1yczvUD6XJ:fujcffYsRilAOs+ywFs1Nz1

Entry address: 0x6BDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 03, 00, 00, 00, 20, 00, 00, 80, 0E, 00, 00, 00, 80, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 00, 32, 00, 00, 00, 98, 00, 00, 80, 33, 00, 00, 00, B0, 00, 00, 80, 34, 00, 00, 00, C8, 00, 00, 80, 35, 00, 00, 00, E0, 00, 00, 80, 36, 00, 00, 00, F8, 00, 00, 80, 37, 00, 00, 00, 10, 01...
 

Developed / compiled with: Microsoft Visual C# / Basic .NET

Code size: 19 KB (19,456 bytes)

The running file has been observed making the following network connection in live environments.

TCP: Connects to ip-184-168-221-60.ip.secureserver.net (184.168.221.60:5190)
