filehost_pandawow hack.exe

The executable filehost_pandawow hack.exe has been detected as malware by 37 anti-virus scanners. This is a setup program which is used to install the application. According to the detections, it has been classified as a keylogger, which is capable of recording a user's keystrokes. The file has been seen being downloaded from ro2.girlshare.ro.
Version:
1.0.0.0

MD5:
7116f5369e1f43a75dbf8e20b0f2b7f0

SHA-1:
7e01d189d54ef4813c3321c55ecca084b2594ab8

SHA-256:
f85f39465df017c2b4b670e9d9d4c60e277a5898911ad0f9a3d57bf0f64ab1d0

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
11/5/2024 10:08:49 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Heur.MSIL.Krypt.3
273

Agnitum Outpost
TrojanSpy.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.ZBot
2015.09.27

Avira AntiVirus
TR/Spy.Gen
8.3.2.2

Arcabit
Trojan.MSIL.Krypt.3
1.0.0.567

avast!
MSIL:KeyLogger-BN [Trj]
2014.9-160507

AVG
ILAgent
2017.0.2751

Baidu Antivirus
Trojan.MSIL.Agent
4.0.3.1657

Bitdefender
Gen:Heur.MSIL.Krypt.3
1.0.20.640

Clam AntiVirus
Win.Trojan.Petun-4
0.98/21511

Comodo Security
Worm.Win32.KeyLogger.AutoRun.AE
23307

Dr.Web
Trojan.Siggen3.14508
9.0.1.0128

Emsisoft Anti-Malware
Gen:Heur.MSIL.Krypt
8.16.05.07.08

ESET NOD32
MSIL/Spy.Agent.BP (variant)
10.12296

Fortinet FortiGate
MSIL/KeyLogger.BA!tr
5/7/2016

F-Prot
W32/MSIL_Troj.F.gen
v6.4.7.1.166

F-Secure
Gen:Heur.MSIL.Krypt.3
11.2016-07-05_7

G Data
Gen:Heur.MSIL.Krypt
16.5.25

IKARUS anti.virus
Virus.PSW.ILSpy
t3scan.1.9.5.0

K7 AntiVirus
Spyware
13.210.17343

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.248

Malwarebytes
Backdoor.MSIL.PGen
v2016.05.07.08

McAfee
Trojan-FCTX!7116F5369E1F
5600.6407

Microsoft Security Essentials
PWS:MSIL/Petun.A
1.1.12101.0

MicroWorld eScan
Gen:Heur.MSIL.Krypt.3
17.0.0.384

NANO AntiVirus
Trojan.Win32.Siggen3.dcmwno
0.30.26.3725

nProtect
Trojan/W32.Agent.43008.OX
15.09.25.01

Panda Antivirus
Trj/CI.A
16.05.07.08

Qihoo 360 Security
Win32/Trojan.55c
1.0.0.1015

Quick Heal
TrojanPWS.Petun.A3
5.16.14.00

Rising Antivirus
PE:Trojan.MSIL.KeyLogger!1.647D[F1]
23.00.65.16505

Sophos
Mal/MSIL-BI
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Petun
9158

Trend Micro House Call
TSPY_PATUN.SMHA
7.2.128

Trend Micro
TSPY_PATUN.SMHA
10.465.07

VIPRE Antivirus
Trojan-PWS.MSIL.Petun.a
44086

Zillya! Antivirus
Trojan.Agent.Win32.489325
2.0.0.2416

File size:
42 KB (43,008 bytes)

Product version:
1.0.0.0

Original file name:
Pandawow hack.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\filehost_pandawow hack.exe

File PE Metadata
Compilation timestamp:
9/11/2014 1:54:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:LYRZQCRwoGOrTU9g4SQ0pzsa0gj3UdsL6SpLzrFnD5FFzujAMU5PCEjgvb:CaOwZ9g4SyCpLzrFnD5F+G9CVz

Entry address:
0xBEEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
40 KB (40,960 bytes)

The file filehost_pandawow hack.exe has been seen being distributed by the following URL.
