extend.exe

扩展程序 (Extension Program)

The executable extend.exe has been detected as malware by 10 anti-virus scanners. The file has been seen being downloaded from box64.yxdown.com.
Publisher:
扩展程序 (Extension Program)

Product:
扩展程序 (Extension Program)

Version:
1.0.0.4

MD5:
16c7c25d6c76be345410aaeae31ce1e5

SHA-1:
dc7b89fe482d51ad5fc2872310f4d8b73cdb3590

SHA-256:
3b3bcbe0b362a38f29680f313aa4b5fac0267b6f3f38f3d3756e822d21551ec3

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/5/2024 10:35:59 PM UTC

Scan engine             Detection                  Engine version
Lavasoft Ad-Aware       Trojan.Generic.13081513    585
Bitdefender             Trojan.Generic.13081513    1.0.20.900
Emsisoft Anti-Malware   Trojan.Generic.13081513    8.15.06.29.06
F-Secure                Trojan.Generic.13081513    11.2015-29-06_2
G Data                  Trojan.Generic.13081513    15.6.25
McAfee                  Artemis!3FE8E34A90F1       5600.6719
MicroWorld eScan        Trojan.Generic.13081513    16.0.0.540
nProtect                Trojan.Generic.13081513    15.04.24.01
Panda Antivirus         Trj/Genetic.gen            15.03.24.07

File size:
529 KB (541,696 bytes)

Product version:
1.0.0.4

Copyright:
2014 (C) 扩展程序 (Extension Program). All rights reserved.

Original file name:
openlnk.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\7d65l0nv\extend.exe

File PE Metadata
Compilation timestamp:
11/18/2014 4:15:09 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:UhzIL5sz7oXjnho5WgkB18BTjQ5GFwzLOjKD:TKchoQg0ujQskOK

Entry address:
0x2F968

Entry point:
E8, 10, 70, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 50, C9, 45, 00, 75, 02, F3, C3, E9, 92, 70, 00, 00, 8B, FF, 51, C7, 01, D4, DF, 44, 00, E8, 8A, 71, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, E0, 1C, FE, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, C9, 71, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 55, 0C, EB, 07, 66, 3B, CA, 74, 11, 40, 40, 0F...

Entropy:
6.7157

Code size:
289.5 KB (296,448 bytes)

The file extend.exe has been seen being distributed by the following URL.
