dj.exe

The executable dj.exe has been detected as malware by 28 of 68 anti-virus scanners (the engine versions listed below date from June 2015, so the count reflects signatures of that time). It runs as a Windows service with the service name "name1" and display name "name2". While running, it connects over HTTP to www.advens.ru on TCP port 80, along with the other hosts listed under network communications below.
MD5:
2143c781ddc6ea4509ef782a4a0a4b0e

SHA-1:
b9d7ba34b297e3e299268901fd4e9d36f32bf0ee

SHA-256:
57c2c845c39b5ecb1e98c04da995217d360095598cdaf2ffc9fe3e23b137c50e

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
11/27/2024 9:47:44 AM UTC

Scan engine                     Detection                                     Engine version
Lavasoft Ad-Aware               Gen:Variant.Zusy.58286                        596
AhnLab V3 Security              Trojan/Win32.Xema                             2015.04.11
avast!                          Win32:Malware-gen                             2014.9-150618
AVG                             PSW.Generic12                                 2016.0.3074
Baidu Antivirus                 Trojan.Win32.Staser                           4.0.3.15618
Bitdefender                     Gen:Variant.Zusy.58286                        1.0.20.845
Bkav FE                         W32.HfsIemusi                                 1.3.0.6379
Comodo Security                 UnclassifiedMalware                           21717
Dr.Web                          Trojan.PWS.Tibia.2497                         9.0.1.0169
Emsisoft Anti-Malware           Gen:Variant.Zusy.58286                        8.15.06.18.08
ESET NOD32                      Win32/Spy.Delf.PKE                            9.11455
Fortinet FortiGate              W32/Delf.PKE!tr.spy                           6/18/2015
F-Secure                        Gen:Variant.Zusy.58286                        11.2015-18-06_5
G Data                          Gen:Variant.Zusy.58286                        15.6.25
IKARUS anti.virus               BehavesLikeTrojan.ShellObject                 t3scan.1.8.9.0
Kaspersky                       Trojan.Win32.Staser                           14.0.0.1866
Malwarebytes                    Spyware.Password                              v2015.06.18.08
McAfee                          BackDoor-FBWR!2143C781DDC6                    5600.6730
Microsoft Security Essentials   Trojan:Win32/Dishigy.I                        1.1.11502.0
MicroWorld eScan                Gen:Variant.Zusy.58286                        16.0.0.507
Norman                          Agent.AZBAW                                   11.20150618
nProtect                        Trojan/W32.Staser.38400.B                     15.04.10.01
Panda Antivirus                 Generic Malware                               15.06.18.08
Rising Antivirus                PE:Trojan.Win32.Generic.15CB91D4!365662676    23.00.65.15616
Sophos                          Troj/FakeAV-HCS                               4.98
SUPERAntiSpyware                Trojan.Agent/Gen-Symmi                        9805
Vba32 AntiVirus                 suspected of Trojan.Notifier.gen              3.12.26.3
VIPRE Antivirus                 Trojan.Win32.Dishigy.i                        39222

File size:
37.5 KB (38,400 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\dj.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM as displayed (raw value 0x2A425E19, 1992-06-19 22:22:17 UTC). This is the fixed placeholder that Borland/Delphi linkers write into the COFF header, not the real build time, so it cannot be used to date the sample.

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
768:QVyAqcQ4gBdyj5O6Gn2F/AIssWSaUvsjgv0xM5b5+:7AqcQ40dmGnussWSaUvGLxM3

Entry address:
0x853C

Entry point:
55, 8B, EC, B9, 08, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, B8, EC, 84, 40, 00, E8, 8D, BE, FF, FF, 33, C0, 55, 68, 16, 87, 40, 00, 64, FF, 30, 64, 89, 20, C6, 05, B0, D5, 5B, 06, 00, 8D, 55, E8, B8, 2C, 87, 40, 00, E8, 27, C2, FF, FF, 8B, 45, E8, 8D, 55, EC, E8, 20, C3, FF, FF, 8B, 55, EC, B8, E0, D5, 5B, 06, E8, 5B, B4, FF, FF, 8D, 55, E0, B8, 54, 87, 40, 00, E8, 02, C2, FF, FF, 8B, 45, E0, 8D, 55, E4, E8, FB, C2, FF, FF, 8B, 55, E4, B8, E4, D5, 5B, 06, E8, 36, B4, FF, FF, 8D, 55, D8, B8, 7C, 87...

Developed / compiled with:
Microsoft Visual C++ (as reported by the scanner). Note that the linker version 2.25, the fixed 1992 compilation timestamp, the entry-point prologue (push ebp; mov ebp,esp; mov ecx,N; push 0; push 0; dec ecx; jnz, the loop Delphi emits to zero managed locals) and the ESET/Fortinet "Delf" detections all indicate a Borland Delphi build instead.

Code size:
30.5 KB (31,232 bytes)
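To check the header values listed above on a file you hold, the following added example (written for this page, not code from Reason Core Security) walks the MZ, PE and PE32 optional headers with only the standard library and reports the traits that distinguish a Delphi build from a Visual C++ one. It also parses the report's own "Entry point" byte listing and tests it for the Delphi local-zeroing prologue. The PE header it builds for demonstration is constructed from the values on this page and is not the real dj.exe; the function and constant names are this example's own.

```python
"""Read the PE header fields this report lists (compilation timestamp, linker
version, entry point, OS version, subsystem) using only the standard library,
and flag the values that identify the Borland/Delphi linker."""
from __future__ import annotations
import struct
from datetime import datetime, timezone

DELPHI_TIMESTAMP = 0x2A425E19   # fixed placeholder written by Delphi linkers
DELPHI_LINKER = (2, 25)         # MajorLinkerVersion.MinorLinkerVersion
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe32_header(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, _opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                      # COFF header is 20 bytes
    magic, major_linker, minor_linker, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "linker": (major_linker, minor_linker),
        "size_of_code": size_of_code,
        "entry_rva": entry_rva,
        "entry_va": image_base + entry_rva,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def delphi_indicators(meta: dict, entry_code: bytes = b"") -> list[str]:
    """Header and prologue traits that point to a Delphi build rather than Visual C++."""
    notes = []
    if meta["timestamp"] == DELPHI_TIMESTAMP:
        notes.append("timestamp is the Delphi linker placeholder, not a build time")
    if meta["linker"] == DELPHI_LINKER:
        notes.append("linker version 2.25 is the Borland/Delphi linker")
    # push ebp; mov ebp,esp; mov ecx,N; push 0; push 0; dec ecx; jnz -7:
    # the loop Delphi emits to zero managed locals at routine entry.
    if entry_code[:4] == b"\x55\x8B\xEC\xB9" and entry_code[8:15] == b"\x6A\x00\x6A\x00\x49\x75\xF9":
        notes.append("entry point starts with the Delphi local-zeroing prologue")
    return notes


def hex_list_to_bytes(text: str) -> bytes:
    """Turn the report's 'Entry point' listing ('55, 8B, EC, ...') into bytes."""
    return bytes(int(tok, 16) for tok in text.replace(" ", "").split(",") if tok)


def build_sample_header() -> bytes:
    """Constructed PE32 header carrying the values the report lists; this is
    not the real dj.exe and has no sections or code behind the header."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, DELPHI_TIMESTAMP, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 25, 31232)      # PE32, linker 2.25, code size
    struct.pack_into("<I", opt, 16, 0x853C)                     # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                   # ImageBase
    struct.pack_into("<HH", opt, 40, 4, 0)                      # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                          # Windows GUI subsystem
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# First 17 bytes of the report's entry-point listing.
REPORT_ENTRY_BYTES = "55, 8B, EC, B9, 08, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53"

if __name__ == "__main__":
    meta = parse_pe32_header(build_sample_header())
    for key, value in meta.items():
        print(f"{key:14} {value}")
    for note in delphi_indicators(meta, hex_list_to_bytes(REPORT_ENTRY_BYTES)):
        print("-", note)
```

To run it on a real file, pass `open(path, "rb").read()` to `parse_pe32_header` and the bytes at the entry point's file offset to `delphi_indicators`; the parser deliberately refuses PE32+ (64-bit) images because the optional-header offsets differ.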

Service
Display name:
name2

Service name:
name1

Type:
Win32OwnProcess, InteractiveProcess


The executable has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to ip93.ip-51-255-138.eu  (51.255.138.93:80)

TCP (HTTP):
Connects to wpl3.hosting.reg.ru  (37.140.192.61:80)

TCP (HTTP):
Connects to kese2.com  (185.82.216.64:80)

TCP (HTTP):
Connects to zeta.myhosting.name  (95.211.193.38:80)

TCP (HTTP):
Connects to 91.223.223.137.hostpro.com.ua  (91.223.223.137:80)

TCP (HTTP):
Connects to www.advens.ru  (51.254.174.184:80)

TCP (HTTPS):
Connects to static.11.85.63.178.clients.your-server.de  (178.63.85.11:443)
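The hashes, file size, common path, service names and network destinations above are the indicators a responder would sweep for. The following added example (written for this page, not code from Reason Core Security) collects them and applies them to three kinds of input: file bytes, a service listing such as the output of Get-CimInstance Win32_Service, and Squid-format proxy log lines. The proxy log excerpt and the service listing embedded in it are constructed for the demonstration; the function names are this example's own.

```python
"""Hunt for the dj.exe indicators in this report: file hashes and size,
the service it registers, and the proxy destinations it contacts."""
from __future__ import annotations
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report above.
FILE_HASHES = {
    "md5": "2143c781ddc6ea4509ef782a4a0a4b0e",
    "sha1": "b9d7ba34b297e3e299268901fd4e9d36f32bf0ee",
    "sha256": "57c2c845c39b5ecb1e98c04da995217d360095598cdaf2ffc9fe3e23b137c50e",
}
FILE_SIZE = 38400
COMMON_PATH = r"c:\windows\dj.exe"
SERVICE_NAMES = {"name1", "name2"}          # service name and display name
C2_HOSTS = {
    "ip93.ip-51-255-138.eu", "wpl3.hosting.reg.ru", "kese2.com",
    "zeta.myhosting.name", "91.223.223.137.hostpro.com.ua",
    "www.advens.ru", "static.11.85.63.178.clients.your-server.de",
}
C2_IPS = {
    "51.255.138.93", "37.140.192.61", "185.82.216.64", "95.211.193.38",
    "91.223.223.137", "51.254.174.184", "178.63.85.11",
}


def file_indicators(data: bytes) -> list[str]:
    """Which file-level indicators a byte blob matches. A size-only hit is a
    triage hint; only a hash match identifies this sample."""
    hits = [algo for algo, digest in FILE_HASHES.items()
            if hashlib.new(algo, data).hexdigest() == digest]
    if len(data) == FILE_SIZE:
        hits.append("size")
    return hits


def suspicious_services(services: list[tuple[str, str, str]]) -> list[str]:
    """services: (service name, display name, binary path) triples. Returns the
    service names whose name, display name or binary matches the report."""
    flagged = []
    for name, display, path in services:
        p = path.strip('"').lower()
        if (name.lower() in SERVICE_NAMES or display.lower() in SERVICE_NAMES
                or p == COMMON_PATH or p.rsplit("\\", 1)[-1] == "dj.exe"):
            flagged.append(name)
    return flagged


def destination_of(squid_line: str) -> tuple[str | None, str | None]:
    """Extract (host, server IP) from a Squid access.log line: the URL is the
    7th field and the 9th field is HIERARCHY/server-ip."""
    fields = squid_line.split()
    if len(fields) < 9:
        return None, None
    url, hierarchy = fields[6], fields[8]
    if "://" in url:
        host = urlsplit(url).hostname
    else:                                   # CONNECT host:port has no scheme
        host = url.rsplit(":", 1)[0]
    ip = hierarchy.split("/", 1)[1] if "/" in hierarchy else None
    return (host.lower().rstrip(".") if host else None), ip


def scan_proxy_log(lines: list[str]) -> list[tuple[int, str | None, str | None]]:
    """(line number, host, ip) for every line whose destination host or server
    IP is in the report's network indicators."""
    hits = []
    for n, line in enumerate(lines, 1):
        host, ip = destination_of(line)
        if host in C2_HOSTS or host in C2_IPS or ip in C2_IPS:
            hits.append((n, host, ip))
    return hits


# Constructed sample data (not from the report): a Squid access.log excerpt
# and a service listing with one benign entry either side of the implant.
CONSTRUCTED_PROXY_LOG = [
    "1732700864.123    120 10.0.0.5 TCP_MISS/200 512 GET http://www.advens.ru/ - HIER_DIRECT/51.254.174.184 text/html",
    "1732700865.456     88 10.0.0.7 TCP_MISS/200 2048 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1732700866.789    210 10.0.0.5 TCP_TUNNEL/200 9120 CONNECT static.11.85.63.178.clients.your-server.de:443 - HIER_DIRECT/178.63.85.11 -",
    "1732700867.001     40 10.0.0.5 TCP_MISS/404 300 GET http://51.254.174.184/ - HIER_DIRECT/51.254.174.184 text/html",
]
CONSTRUCTED_SERVICES = [
    ("wuauserv", "Windows Update", r"C:\Windows\system32\svchost.exe -k netsvcs"),
    ("name1", "name2", r"C:\windows\dj.exe"),
    ("Spooler", "Print Spooler", r"C:\Windows\System32\spoolsv.exe"),
]

if __name__ == "__main__":
    print(scan_proxy_log(CONSTRUCTED_PROXY_LOG))
    print(suspicious_services(CONSTRUCTED_SERVICES))
```

Matching both the host name and the resolved server IP matters here: the shared-hosting names in the report (reg.ru, hostpro, your-server.de) can front many unrelated sites, so a host-name hit on one of them is weaker evidence than a hit on www.advens.ru or kese2.com, while a direct-to-IP request (line 4 of the constructed log) would slip past a name-only rule.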

Powered by Reason Core Security