ext.exe

The executable ext.exe has been detected as malware by 29 anti-virus scanners. It is a setup program used to install an application. The file has been seen being downloaded from milyoncu.xyz. While running, it connects to the Internet address amung.us on port 80 over HTTP.
MD5:
09df01ac36f9353bc4327b4c09e716b7

SHA-1:
9f8322786f4be9a6c0d0a9ffd35a15135c3487de

SHA-256:
c69ae322127945d45024ffdcc52ccfff99729c79311a9105ae4ea63e9d8f7fa6

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
11/27/2024 7:51:23 AM UTC

Scan engine | Detection | Engine version
--- | --- | ---
Lavasoft Ad-Aware | Gen:Variant.Strictor.70776 | 756
AhnLab V3 Security | HEUR/Fakon.mwf | 2015.01.10
Avira AntiVirus | Worm/Kilim.424960.2 | 7.11.200.120
avast! | Win32:Malware-gen | 2014.9-150110
AVG | Luhe.Fiha.A | 2016.0.3234
Baidu Antivirus | Trojan.Win32.Reconyc | 4.0.3.15110
Bitdefender | Gen:Variant.Strictor.70776 | 1.0.20.50
Comodo Security | UnclassifiedMalware | 20659
Dr.Web | Trojan.DownLoader12.2057 | 9.0.1.010
Emsisoft Anti-Malware | Gen:Variant.Strictor.70776 | 8.15.01.10.07
ESET NOD32 | Win32/TrojanDownloader.Autoit.NWP (variant) | 9.10991
Fortinet FortiGate | W32/Reconyc.DLVM!tr | 1/10/2015
F-Secure | Gen:Variant.Strictor.70776 | 11.2015-10-01_7
G Data | Gen:Variant.Strictor.70776 | 15.1.24
IKARUS anti.virus | Trojan.Win32.Reconyc | t3scan.1.8.6.0
K7 AntiVirus | Riskware | 13.190.14599
Kaspersky | Trojan.Win32.Reconyc | 14.0.0.2663
Malwarebytes | Trojan.Agent.AI | v2015.01.10.07
McAfee | RDN/Generic.tfr!eg | 5600.6890
Microsoft Security Essentials | Worm:Win32/Kilim.B | 1.11302
MicroWorld eScan | Gen:Variant.Strictor.70776 | 16.0.0.30
Norman | Obfuscated.H!genr | 11.20150110
Panda Antivirus | Trj/Zbot.M | 15.01.10.07
Qihoo 360 Security | HEUR/QVM11.1.Malware.Gen | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
Total Defense | Win32/Tnega.SJFWJCC | 37.0.11377
Trend Micro House Call | TROJ_FRS.BMA000A915 | 7.2.10
Trend Micro | TROJ_FRS.BMA000A915 | 10.465.10
VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 36518

File size:
415 KB (424,960 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\ext.exe

File PE Metadata
Compilation timestamp:
1/7/2015 10:30:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:cOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPizoqZ3:cq5TfcdHj4fmb03

Entry address:
0xEBF20

Entry point:
60, BE, 00, 80, 49, 00, 8D, BE, 00, 90, F6, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.8610

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
340 KB (348,160 bytes)

The file ext.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to eb.83.1732.ip4.static.sl-reverse.com (50.23.131.235:80)

TCP (HTTP):
Connects to amung.us (67.202.94.94:80)

TCP (HTTP):
Connects to 46.c8.c0ad.ip4.static.sl-reverse.com (173.192.200.70:80)

Remove ext.exe - Powered by Reason Core Security