DownloadInjectionSQL.exe

The executable DownloadInjectionSQL.exe has been detected as malware by 19 anti-virus scanners. While running, it connects to the Internet address ru.smart-ip.net on port 80 using the HTTP protocol.
Version:
0.0.0.0

MD5:
9353ea4bbd4ab37ef959ec1d9d940af1

SHA-1:
aa1d194022b8270fdfe1e7de28199b29f4bd35c2

SHA-256:
084e1b16b6824933e8ae93162e1af83420af1a38713b2902e686fc88976bc916

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
11/15/2024 11:32:59 AM UTC

Scan engine                      Detection                      Engine version
Lavasoft Ad-Aware                Gen:Variant.Zusy.125000        435
AhnLab V3 Security               Trojan/Win32.Gen               2015.11.25
Arcabit                          Trojan.Zusy.D1E848             1.0.0.624
Baidu Antivirus                  Trojan.MSIL.Agent              4.0.3.151127
Bitdefender                      Gen:Variant.Zusy.125000        1.0.20.1655
Emsisoft Anti-Malware            Gen:Variant.Zusy.125000        8.15.11.27.07
ESET NOD32                       MSIL/Agent.QBC (variant)       9.12617
Fortinet FortiGate               MSIL/Agent.QBC!tr              11/27/2015
F-Secure                         Gen:Variant.Zusy.125000        11.2015-27-11_6
G Data                           Gen:Variant.Zusy.125000        15.11.25
IKARUS anti.virus                Trojan.MSIL.Agent              t3scan.1.9.5.0
K7 AntiVirus                     Trojan                         13.212.17959
Kaspersky                        HEUR:Trojan.Win32.Generic      14.0.0.1058
Malwarebytes                     Trojan.Agent.MU                v2015.11.27.07
Microsoft Security Essentials    Backdoor:MSIL/Torwofun.B       1.1.12300.0
MicroWorld eScan                 Gen:Variant.Zusy.125000        16.0.0.993
Panda Antivirus                  Trj/GdSda.A                    15.11.27.07
Qihoo 360 Security               HEUR/QVM03.0.Malware.Gen       1.0.0.1077
VIPRE Antivirus                  Trojan.Win32.Generic           45404

File size:
57 KB (58,368 bytes)

Product version:
0.0.0.0

Original file name:
DownloadInjectionSQL.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft manager app\downloadinjectionsql.exe

File PE Metadata
Compilation timestamp:
11/24/2015 4:03:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:daSYKxoV86Xooy5gHl8KoSrRAznoLKXeEU3xHwsOSz2Q8FjP02K7PhQuZiDovG+/:dsKxoBXoaF8KoSrRAznoLKXeEU3xHwsH

Entry address:
0xF99E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
54.5 KB (55,808 bytes)

The file has been observed making the following network connections while executing in live environments.

TCP (HTTP):
Connects to 209-99-40-219.fwd.datafoundry.com  (209.99.40.219:80)

TCP (HTTP):
Connects to ru.smart-ip.net  (193.178.146.17:80)

Report powered by Reason Core Security.