example.exe

Microsoft Host

The executable example.exe, “Microsoft Windows Host”, has been detected as malware by 14 anti-virus scanners. This is a setup program used to install the application. The file has been seen being downloaded from ams1.justbeamit.com.
Publisher:
Microsoft Host

Description:
Microsoft Windows Host

Version:
4.71.0.0

MD5:
aefb7a92167a02307264d7f320f13018

SHA-1:
2c38cce6db3d0e0e5e9fefa3da0d57d593881c20

SHA-256:
93f949d2a75e07457b3bde66cbc253965c839ccda48ede5e59df2b54d26b3746

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
11/16/2024 4:36:36 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Zusy.185645 | 215 |
| Arcabit | Trojan.Zusy.D2D52D | 1.0.0.672 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-160704 |
| Bitdefender | Gen:Variant.Zusy.185645 | 1.0.20.930 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.185645 | 8.16.07.04.12 |
| ESET NOD32 | MSIL/Injector.OPA (variant) | 10.13437 |
| Fortinet FortiGate | MSIL/Injector.OPA!tr | 7/4/2016 |
| F-Secure | Gen:Variant.Zusy.185645 | 11.2016-04-07_2 |
| G Data | Gen:Variant.Zusy.185645 | 16.7.25 |
| IKARUS anti.virus | Trojan.MSIL.Injector | t3scan.2.0.9.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-40 |
| Malwarebytes | Trojan.Injector | v2016.07.04.12 |
| MicroWorld eScan | Gen:Variant.Zusy.185645 | 17.0.0.558 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120 |

File size:
4.6 MB (4,817,920 bytes)

Product version:
4.71.0.0

Copyright:
Copyright © 2016

Original file name:
BUTS.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\example.exe

File PE Metadata
Compilation timestamp:
5/4/2016 6:25:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:+xVNn0OEpnCF/FR0LrjzQgY5ILqsoBfJfC+YJg3lQ3vfhpWPH+pprltgYGCMBDBB:rpnU/1cqson6+fQDrGAl+az

Entry address:
0x494C7E


Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.6 MB (4,795,904 bytes)

The file example.exe has been seen being distributed by the following URL.
