ellinia.exe

Launcher

The executable ellinia.exe has been detected as malware by 7 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from maple.ellinia.net.
Product:
Launcher

Version:
1.1.5762.31951

MD5:
59ffc209a277a92dbce7e68f9f3b66a4

SHA-1:
b0698a87cf68a3336e19f3edfd61ae99dcbcc8b4

SHA-256:
772580d0640349e888512a751e1930497ad32f2c4f62bffd7aa8ab3e2fa24a6b

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
12/27/2024 3:57:45 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Dropper.MSIL.209113 | 8.3.2.2
Bkav FE | HW32.Packed | 1.3.0.7383
ESET NOD32 | Detection.Undefined | 7.0.302.0
Fortinet FortiGate | MSIL/Injector.LRE!tr | 1/6/2016
F-Secure | Gen:Variant.Barys.49712 | 5.15.21
IKARUS anti.virus | Trojan.Dropper | t3scan.1.9.5.0
McAfee | Trojan.Artemis!59FFC209A277 | 18.0.204.0

File size:
2.5 MB (2,631,680 bytes)

Product version:
1.1.5762.31951

Original file name:
Redirector.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ellinia.exe

File PE Metadata
Compilation timestamp:
10/12/2015 6:45:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:yIlOBIFJwNVyuVqhHrtgN60eInrR1elSzyR/UOfNFjar/JtooLLNBmd21p+nLF0M:Dl9XuV0W60NTpaFarhto4fI27uLFjx

Entry address:
0x28808A

Entry point:
FF, 25, 80, 80, 68, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9905  (probably packed)

Code size:
29.5 KB (30,208 bytes)

The file ellinia.exe has been seen being distributed by the following URL.
