dreamx.exe

SAPO

The executable dreamx.exe has been detected as malware by 3 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MediaCenter’.
Publisher:
SAPO  (signed and verified)

Version:
1.0.0.0

MD5:
d689bd2e347e566db4a0cf73b63d0a00

SHA-1:
50cfff704aa1feb461641b5b4d80fb7eebe9c39e

SHA-256:
f89610eb9cfeca5828f695755f97606d169d1c9ecb6b4c5095e15c10b603458c

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
4/23/2025 1:01:44 AM UTC

Scan engine | Detection | Engine version
Bkav FE | HW32.Packed | 1.3.0.6379
Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.761
Malwarebytes | Trojan.Banker.IM | v2016.01.25.09

File size:
10.9 MB (11,442,320 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Maltese (Malta)

Common path:
C:\users\{user}\appdata\roaming\dreamx.exe

Digital Signature
Signed by:

Authority:
SAPO

Valid from:
6/5/2015 2:08:35 PM

Valid to:
6/5/2016 2:08:35 PM

Subject:
E=cmd@sapo.pt, CN=SAPO.PT, OU=SAPO Division of Protocol, O=SAPO, L=Opalo, S=Jobila, C=AS

Issuer:
E=cmd@sapo.pt, CN=SAPO.PT, OU=SAPO Division of Protocol, O=SAPO, L=Opalo, S=Jobila, C=AS

Serial number:
00A7AB2CD21ECC7345

File PE Metadata
Compilation timestamp:
6/9/2015 9:51:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:yyhMnzFk52d1RxisurOPuV+6fc1y31pJQI3OgZ516/nU/KOquV69QZAZdx0mDve:yvnAc+sSOPy+zo5h3OS16stP69VPx0mC

Entry address:
0x183EC5B

Entry point:
E8, 5F, 37, 68, FF, FD, 3B, 3F, DF, 84, 10, 28, 04, B8, F2, 8A, B7, 73, AC, C8, 7E, 4D, 85, 78, A8, 5E, 99, AF, 53, 03, 36, 64, 0C, 34, E6, 44, E6, A8, E9, 61, AD, 32, 90, A7, 12, 59, 8D, 3F, 86, 78, 32, 98, F6, 30, 08, 97, B2, 35, 67, 59, E6, AD, 46, FB, 07, 8F, 53, 0B, 03, BB, 2F, 6A, AF, 89, 74, DD, 4A, 58, 75, 41, 46, AE, 3F, C7, FC, 98, E4, D0, 2D, 46, D8, 03, C8, 8C, 3C, 99, A6, D4, BD, E8, 76, 46, ED, 18, B9, 51, C0, D6, 14, 3D, 7E, 03, 2C, F4, 2F, B9, FB, B5, FD, 79, 4D, B1, 7D, 0C, B5, AA, 3F, F9...
 

Code size:
3.1 MB (3,236,864 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MediaCenter

Command:
C:\users\{user}\appdata\roaming\dreamx.exe

