daemon347.exe

The executable daemon347.exe has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application. It is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from storage1.dms.mpinteractiv.ro.
MD5:
0431cd8ef2c530b7c98cd0c5e13273d5

SHA-1:
de9b5d3adf88df32490365d2539ee0e4ddafd037

SHA-256:
f55f10c5f62c29463c4bfd2739d8246554033bd62de21c64148eb8430e16490e

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/26/2024 2:51:05 AM UTC

Scan engine    Detection                 Engine version
avast!         Win32:SaliCode            160216-0
AVG            Win32/Sality              2015.0.4530
Dr.Web         Win32.Sector.30           9.0.1.05190
ESET NOD32     Win32/Sality.NBA virus    7.0.302.0
F-Prot         W32/Sality.gen2           4.6.5.141
F-Secure       Win32.Sality.3            5.15.21
Kaspersky      Virus.Win32.Sality        15.0.0.562
McAfee         Virus.W32/Sality.gen.z    18.0.204.0

File size:
568 KB (581,632 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\daemon347.exe

File PE Metadata
Compilation timestamp:
8/26/2004 3:48:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:+fOYeebpze9LSFCwZ/5+4h582spuFX8FytItwmAKB5wz0hfoGKBlfPWEHtML/W:+mhcpELSFCwZ/5+4h587pFFRwmTwz0R0

Entry address:
0xE39B0

Entry point:
B8, 93, CE, BD, D7, 18, C9, 88, E9, 81, E0, C2, 2C, 9F, 75, 0F, BE, FB, 89, F5, BF, C1, 33, 87, E8, 8D, 05, 62, 70, 72, DE, 81, E3, 71, 6E, 32, EA, EB, 06, 8D, 2D, D4, C7, 56, FD, 6B, F6, 00, 0A, DF, 0F, AF, DF, 0F, AF, ED, 03, F5, 73, 06, 8B, EE, 2A, F6, 28, F3, B9, F4, 8B, 50, 23, 68, F4, D6, 1A, 00, EB, 03, 42, 8A, FE, 69, D1, 67, 08, 48, 15, C7, C7, 56, 99, DE, F2, BD, F9, C7, 77, F6, 85, CE, 70, 05, 19, D9, 80, DC, 69, E8, 40, 00, 00, 00, B9, 00, 00, 00, 00, 85, F7, 71, 02, 18, FA, FE, CE, F2, 81, C1...
 

Entropy:
7.8831  (probably packed)

Code size:
484 KB (495,616 bytes)

The file daemon347.exe has been seen being distributed by the following URL.
