» ec.exe
Overview
Analysis
File Details
Downloads (1)

ec.exe

亚数信息科技（上海）有限公司

The executable ec.exe has been detected as malware by 17 anti-virus scanners. The file has been seen being downloaded from jp.config.371pub.com.

File name:

ec.exe

Publisher:

亚数信息科技（上海）有限公司 (signed and verified)

MD5:

a09ef089614bed08919ca50920dacd16

SHA-1:

3d1bf31dcaf9acdc8342f2dbb722d25b88c6f663

SHA-256:

d44e0613e0b97b73017b11bba6acdfcc7a02bcba25289734680779baec83c975

Scanner detections:

17 / 68

Status:

Malware

Analysis date:

11/24/2024 5:00:54 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Graftor.172417

673

Agnitum Outpost

Trojan.Rogue

7.1.1

Avira AntiVirus

TR/Rogue.12856

7.11.218.106

avast!

Win32:Trojan-gen

2014.9-150403

Bitdefender

Gen:Variant.Graftor.172417

1.0.20.465

Comodo Security

UnclassifiedMalware

21460

Emsisoft Anti-Malware

Gen:Variant.Graftor.172417

8.15.04.03.03

F-Secure

Gen:Variant.Graftor.172417

11.2015-03-04_6

G Data

Gen:Variant.Graftor.172417

15.4.25

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.8.6.0

K7 AntiVirus

Riskware

13.201.15307

McAfee

Artemis!A09EF089614B

5600.6807

MicroWorld eScan

Gen:Variant.Graftor.172417

16.0.0.279

Norman

Troj_Generic.YMGSM

11.20150403

Trend Micro House Call

TROJ_GEN.R000C0EBF15

7.2.93

Trend Micro

TROJ_GEN.R000C0EBF15

10.465.03

VIPRE Antivirus

Trojan.Win32.Generic

38556

File size:

12.6 KB (12,856 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\ec.exe

Digital Signature

Signed by:

亚数信息科技（上海）有限公司

Authority:

TrustAsia Technologies, Inc.

Valid from:

5/19/2013 6:54:00 PM

Valid to:

5/19/2015 6:54:00 PM

Subject:

CN=亚洲诚信代码签名测试证书, O=亚数信息科技（上海）有限公司, L=上海市, S=上海市, C=CN

Issuer:

CN=TrustAsia Code Signing CA, O="TrustAsia Technologies, Inc.", C=CN

Serial number:

File PE Metadata

Compilation timestamp:

1/19/2015 4:44:37 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

192:mJb02Pr4W89zzAzzrzr6GW6pastCno2VjD3+e+PjPDyNIt1eUVmW:mRiD9z8znH6GbCnkPLDsW

Entry address:

0x140B

Entry point:

E8, 89, 04, 00, 00, E9, 63, FD, FF, FF, CC, FF, 25, A8, 20, 40, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 40, 31, 40, 00, 89, 0D, 3C, 31, 40, 00, 89, 15, 38, 31, 40, 00, 89, 1D, 34, 31, 40, 00, 89, 35, 30, 31, 40, 00, 89, 3D, 2C, 31, 40, 00, 66, 8C, 15, 58, 31, 40, 00, 66, 8C, 0D, 4C, 31, 40, 00, 66, 8C, 1D, 28, 31, 40, 00, 66, 8C, 05, 24, 31, 40, 00, 66, 8C, 25, 20, 31, 40, 00, 66, 8C, 2D, 1C, 31, 40, 00, 9C, 8F, 05, 50, 31, 40, 00, 8B, 45, 00, A3, 44, 31, 40, 00, 8B, 45, 04, A3, 48, 31, 40, 00... 
[+]

Entropy:

6.4559

Code size:

2.5 KB (2,560 bytes)

The file ec.exe has been seen being distributed by the following URL.

http://jp.config.371pub.com/.../ec.exe

Remove ec.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.