cywccldbyv.exe

The executable cywccldbyv.exe has been detected as malware by 28 anti-virus scanners. The file has been seen being downloaded from s1.sfcdn.in.
Version:
0.0.0.0

MD5:
f229fcb8dadae65e1d0b1d7891f80df6

SHA-1:
c0194ef4cec8d0d06c3eb1888cb13bd5418ba1df

SHA-256:
174e22dc54ae1e54d747aef3686a29bd3d65cded5b9ccfb1470050e4f9e86403

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
11/23/2024 7:50:53 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1440511
221

Agnitum Outpost
Trojan.Fsysna
7.1.1

AhnLab V3 Security
Trojan/Win32.Disfa
16.06.28

Avira AntiVirus
TR/Agent.69632.58
7.11.141.188

avast!
Win32:Dropper-gen [Drp]
2014.9-160628

AVG
Generic35
2017.0.2699

Baidu Antivirus
Trojan.Win32.Fsysna
4.0.3.16628

Bitdefender
Trojan.GenericKD.1440511
1.0.20.900

Dr.Web
Trojan.DownLoader10.60001
9.0.1.0180

Emsisoft Anti-Malware
Trojan.GenericKD.1440511
8.16.06.28.07

ESET NOD32
MSIL/Bladabindi
10.9648

Fortinet FortiGate
W32/Fsysna.CSQ!tr
6/28/2016

F-Secure
Trojan.GenericKD.1440511
11.2016-28-06_3

G Data
Trojan.GenericKD.1440511
16.6.24

IKARUS anti.virus
Trojan.Win32.Fsysna
t3scan.1.6.1.0

K7 AntiVirus
Riskware
13.176.11684

Kaspersky
Trojan.Win32.Fsysna
14.0.0.-11

McAfee
RDN/Generic.dx!c2o
5600.6355

Microsoft Security Essentials
Backdoor:MSIL/Bladabindi
1.10401

MicroWorld eScan
Trojan.GenericKD.1440511
17.0.0.540

NANO AntiVirus
Trojan.Win32.Fsysna.cqmlea
0.28.0.59048

nProtect
Trojan.GenericKD.1440511
14.04.07.01

Panda Antivirus
Generic Malware
16.06.28.07

Qihoo 360 Security
HEUR/Malware.QVM03.Gen
1.0.0.1015

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_GEN.R0CBC0DLB13
7.2.180

Trend Micro
TROJ_GEN.R0CBC0DLB13
10.465.28

VIPRE Antivirus
Trojan.Win32.Generic
28115

File size:
65.5 KB (67,072 bytes)

Product version:
0.0.0.0

Original file name:
avast!.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\cywccldbyv.exe

File PE Metadata
Compilation timestamp:
11/16/2013 8:59:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:KSJY4or5pdrqdrrSiU7h2nVNcL3y3HAvgxERa011Tgugn5mtYUJl+ABo1+:KSJZWYzUAvc23Hcva0ngugn5+Ya2+

Entry address:
0x1107E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.3530

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
60.5 KB (61,952 bytes)

The file cywccldbyv.exe has been seen being distributed by the following URL.

Remove cywccldbyv.exe - Powered by Reason Core Security