ec.exe

亚数信息科技(上海)有限公司

The executable ec.exe has been detected as malware by 17 anti-virus scanners. The file has been seen being downloaded from jp.config.371pub.com.
Publisher:

MD5: a09ef089614bed08919ca50920dacd16
SHA-1: 3d1bf31dcaf9acdc8342f2dbb722d25b88c6f663
SHA-256: d44e0613e0b97b73017b11bba6acdfcc7a02bcba25289734680779baec83c975

Scanner detections: 17 / 68
Status: Malware
Analysis date: 11/24/2024 5:00:54 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Graftor.172417 | 673 |
| Agnitum Outpost | Trojan.Rogue | 7.1.1 |
| Avira AntiVirus | TR/Rogue.12856 | 7.11.218.106 |
| avast! | Win32:Trojan-gen | 2014.9-150403 |
| Bitdefender | Gen:Variant.Graftor.172417 | 1.0.20.465 |
| Comodo Security | UnclassifiedMalware | 21460 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.172417 | 8.15.04.03.03 |
| F-Secure | Gen:Variant.Graftor.172417 | 11.2015-03-04_6 |
| G Data | Gen:Variant.Graftor.172417 | 15.4.25 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.6.0 |
| K7 AntiVirus | Riskware | 13.201.15307 |
| McAfee | Artemis!A09EF089614B | 5600.6807 |
| MicroWorld eScan | Gen:Variant.Graftor.172417 | 16.0.0.279 |
| Norman | Troj_Generic.YMGSM | 11.20150403 |
| Trend Micro House Call | TROJ_GEN.R000C0EBF15 | 7.2.93 |
| Trend Micro | TROJ_GEN.R000C0EBF15 | 10.465.03 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38556 |

File size: 12.6 KB (12,856 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\ec.exe

Digital Signature

Authority: TrustAsia Technologies, Inc.
Valid from: 5/19/2013 6:54:00 PM
Valid to: 5/19/2015 6:54:00 PM
Subject: CN=亚洲诚信代码签名测试证书, O=亚数信息科技(上海)有限公司, L=上海市, S=上海市, C=CN
Issuer: CN=TrustAsia Code Signing CA, O="TrustAsia Technologies, Inc.", C=CN
Serial number: 07

File PE Metadata

Compilation timestamp: 1/19/2015 4:44:37 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 192:mJb02Pr4W89zzAzzrzr6GW6pastCno2VjD3+e+PjPDyNIt1eUVmW:mRiD9z8znH6GbCnkPLDsW
Entry address: 0x140B
Entry point:
E8, 89, 04, 00, 00, E9, 63, FD, FF, FF, CC, FF, 25, A8, 20, 40, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 40, 31, 40, 00, 89, 0D, 3C, 31, 40, 00, 89, 15, 38, 31, 40, 00, 89, 1D, 34, 31, 40, 00, 89, 35, 30, 31, 40, 00, 89, 3D, 2C, 31, 40, 00, 66, 8C, 15, 58, 31, 40, 00, 66, 8C, 0D, 4C, 31, 40, 00, 66, 8C, 1D, 28, 31, 40, 00, 66, 8C, 05, 24, 31, 40, 00, 66, 8C, 25, 20, 31, 40, 00, 66, 8C, 2D, 1C, 31, 40, 00, 9C, 8F, 05, 50, 31, 40, 00, 8B, 45, 00, A3, 44, 31, 40, 00, 8B, 45, 04, A3, 48, 31, 40, 00...
 

Entropy: 6.4559
Code size: 2.5 KB (2,560 bytes)

The file ec.exe has been seen being distributed by the following URL.
