droidjack.exe

The executable droidjack.exe has been detected as malware by 22 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from www12.zippyshare.com.
MD5:
62433556441366100f7af1d066afd760

SHA-1:
b3de476c654a240d73801ea7086d827b71bb8d5a

SHA-256:
c43e46bd6fe0f1ea9e7821e999e7a78278286271a4d34620a4433f18478f19ac

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
12/27/2024 2:40:01 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Android.Trojan.AndroRAT.E | 331 |
| AegisLab AV Signature | Troj.Dropper.Vbs!c | 2.1.4+ |
| avast! | Android:DroidJack-A [Trj] | 2014.9-160310 |
| Comodo Security | TrojWare.VBS.TrojanDropper.Agent.A | 23835 |
| Dr.Web | Android.Spy.184.origin | 9.0.1.070 |
| ESET NOD32 | VBS/TrojanDropper.Agent.NDD | 10.12768 |
| Fortinet FortiGate | VBS/Agent.NDD!tr | 3/10/2016 |
| F-Secure | Worm:VBS/Njw0rm.B | 11.2016-10-03_5 |
| G Data | Android.Trojan-Spy.SandroRat | 16.3.25 |
| IKARUS anti.virus | Trojan-Spy.AndroidOS.Kasandra | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18203 |
| Kaspersky | Trojan-Dropper.VBS.Agent | 14.0.0.540 |
| McAfee | Artemis!AA4F4ED6E00B | 5600.6465 |
| Microsoft Security Essentials | TrojanDropper:VBS/Twexag.A | 1.1.12400.0 |
| MicroWorld eScan | Android.Trojan.AndroRAT.E | 17.0.0.210 |
| NANO AntiVirus | Trojan.Android.Zerat.dekxmy | 1.0.14.5317 |
| Panda Antivirus | Trj/CI.A | 16.03.16.03 |
| Qihoo 360 Security | HEUR/QVM06.2.Malware.Gen | 1.0.0.1120 |
| Quick Heal | Android.Sandr.A | 3.16.14.00 |
| Rising Antivirus | VBS:Trojan.Agent!1.A1C8 [F] | 23.00.65.16308 |
| Sophos | Andr/SandRat-B | 4.98 |
| VIPRE Antivirus | Trojan-Dropper.VBS.Twexag.a | 45948 |

File size:
34.1 MB (35,771,635 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\programs\droidjack.exe

File PE Metadata
Compilation timestamp:
2/15/2015 12:00:37 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:1JsREricaHEDoqWoUfpTHVRy6e1d+/oVnITsZwX+sk9z+4byb3/0:1xT+oUfpiv1o/EITsxb+fT8

Entry address:
0x10F4C

Entry point:
E8, 2D, 64, 00, 00, E9, 78, FE, FF, FF, 55, 8B, EC, 83, EC, 04, 89, 7D, FC, 8B, 7D, 08, 8B, 4D, 0C, C1, E9, 07, 66, 0F, EF, C0, EB, 08, 8D, A4, 24, 00, 00, 00, 00, 90, 66, 0F, 7F, 07, 66, 0F, 7F, 47, 10, 66, 0F, 7F, 47, 20, 66, 0F, 7F, 47, 30, 66, 0F, 7F, 47, 40, 66, 0F, 7F, 47, 50, 66, 0F, 7F, 47, 60, 66, 0F, 7F, 47, 70, 8D, BF, 80, 00, 00, 00, 49, 75, D0, 8B, 7D, FC, 8B, E5, 5D, C3, 55, 8B, EC, 83, EC, 10, 89, 7D, FC, 8B, 45, 08, 99, 8B, F8, 33, FA, 2B, FA, 83, E7, 0F, 33, FA, 2B, FA, 85, FF, 75, 3C, 8B...
 

Entropy:
7.9997  (probably packed)

Code size:
111.5 KB (114,176 bytes)

The file droidjack.exe has been seen being distributed by the following URL.
