elfcrack 8.60.exe

The executable elfcrack 8.60.exe has been detected as malware by 25 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from s5991.chomikuj.pl and multiple other hosts.
MD5: d041c9f6298132d34df325fefea27b93
SHA-1: a42b53d7a2daf356969d5961aa7d0533bdf0fdc9
SHA-256: 1d4cd57394cec1ab32f5fe4f35174a7a8e4157309eb2fde285daa928b9ca6409
Scanner detections: 25 / 68
Status: Malware
Analysis date: 11/24/2024 11:02:16 AM UTC

Scan engine | Detection | Engine version
--- | --- | ---
Lavasoft Ad-Aware | Gen:Variant.Kazy.20914 | 839
Agnitum Outpost | Trojan.Gender | 7.1.1
Avira AntiVirus | TR/Gender.1859072.2 | 7.11.179.12
AVG | Crypt_c | 2015.0.3317
Baidu Antivirus | Hacktool.Win32.ElfBot | 4.0.3.141018
Bitdefender | Gen:Variant.Kazy.20914 | 1.0.20.1455
Bkav FE | HW32.Packed | 1.3.0.4959
Emsisoft Anti-Malware | Gen:Variant.Kazy.20914 | 8.14.10.18.12
ESET NOD32 | Win32/HackTool.Crack | 8.10576
Fortinet FortiGate | W32/SPNR.03CI11!tr | 10/18/2014
F-Prot | W32/MalwareF.FXMF | v6.4.7.1.166
F-Secure | Gen:Variant.Kazy.20914 | 11.2014-18-10_7
G Data | Gen:Variant.Kazy.20914 | 14.10.24
IKARUS anti.virus | Gen.Trojan | t3scan.1.7.8.0
K7 AntiVirus | Trojan | 13.184.13704
McAfee | Artemis!D041C9F62981 | 5600.6973
Microsoft Security Essentials | Trojan:Win32/Dynamer!dtc | 1.11005
MicroWorld eScan | Gen:Variant.Kazy.20914 | 15.0.0.873
Norman | Suspicious_Gen2.CWSSA | 11.20141018
Qihoo 360 Security | Win32/Trojan.e3d | 1.0.0.1015
Rising Antivirus | PE:Trojan.Win32.Generic.1235CB03!305515267 | 23.00.65.141016
Sophos | Generic PUA KE | 4.98
VIPRE Antivirus | Trojan.Win32.Generic | 33990
XVirus List | Win32.Detected | 2.10.18
Zillya! Antivirus | Tool.Crack.Win32.2 | 2.0.0.1958

File size: 1.8 MB (1,859,072 bytes)
File type: Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp: 6/20/1992 12:22:17 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 24576:1ClhDaf4WHyRM4nswElwMyRpMpm+SZYKnY1kHNdwkn04qWszNusakE2b:1shWHqMeMHyRfHNd+cszNus22b
Entry address: 0x1C7000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 8B, D8, 40, 2D, 00, 10, 12, 00, 2D, 65, E3, 60, 00, 05, 5A, E3, 60, 00, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 61, 12, 76, 5A, 68, FE, 34, 98, 37, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 14, 89, 44, 24, 08, 5B, 58, C3, 55, 8B, EC, 60, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, EB, 08, 31, 06, 01, 1E, 83, C6, 04, 49, 0B, C9, 75, F4, 61, C9, C2, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Code size: 441 KB (451,584 bytes)

The file elfcrack 8.60.exe has been seen being distributed by the following 10 URLs.

