» fvx.exe
Overview
Analysis
File Details
Behaviors (1)
Network (19)

fvx.exe

The executable fvx.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘FVX Start’.

File name:

fvx.exe

MD5:

98f5641d36f24bac6e6ad45f293acfda

SHA-1:

ad35dbbaf93781e6b83b2312e794cca5ba66ad83

SHA-256:

66fc66af16f67c32deefe1e2815f5d1d605306469984040c32317b9d64f86192

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/5/2024 2:50:11 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

KeyLogger.Ardamax

17.2.14.14

File size:

2.7 MB (2,825,216 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\windows\srwhef\fvx.exe

File PE Metadata

Compilation timestamp:

1/20/2016 9:53:43 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x562DA

Entry point:

F6, C1, 42, F6, C2, B3, B7, A7, 0F, AF, C1, 19, D6, 81, FE, 5C, 6E, 00, 00, 74, 03, C6, C4, A0, 0F, AF, F9, C7, C0, E1, FF, 45, 64, F6, C7, AF, 8A, D2, FE, C7, 8A, FE, FE, C4, C7, C6, E8, A7, 37, 3B, 55, F7, C2, 6C, 6A, 4F, 94, 23, FE, FE, CC, 5D, 01, C8, 05, BC, 68, 0E, B5, 89, CE, C7, C0, D5, 8F, F7, A6, B9, 00, 00, 00, 00, 78, 04, 0F, B7, F0, F3, 8B, CD, 15, F9, 55, 9A, EE, 8D, 1D, ED, C2, C2, FA, 84, F1, F3, 8A, D5, 1D, E4, 3F, 8F, B9, 88, E0, 68, 22, 1E, DF, 00, C6, C4, 8B, 0F, BF, D8, E8, 00, 00, 00... 
[+]

Entropy:

7.1350

Code size:

1.2 MB (1,246,720 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

FVX Start

Command:

C:\windows\srwhef\fvx.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to 147.62.236.23.bc.googleusercontent.com (23.236.62.147:80)

TCP (HTTP):

Connects to ec2-52-86-255-102.compute-1.amazonaws.com (52.86.255.102:80)

TCP (HTTP SSL):

Connects to ec2-54-88-176-36.compute-1.amazonaws.com (54.88.176.36:443)

TCP (HTTP):

Connects to ec2-52-28-249-128.eu-central-1.compute.amazonaws.com (52.28.249.128:80)

TCP (HTTP):

Connects to ns8914.dotvndns.vn (112.213.89.14:80)

TCP (HTTP):

Connects to web140.extendcp.co.uk (79.170.44.140:80)

TCP (HTTP):

Connects to sinkhole.fitsec.com (193.166.255.171:80)

TCP (HTTP):

Connects to HDRedirect-LB3-890977680.us-east-1.elb.amazonaws.com (68.168.222.206:80)

TCP (HTTP):

Connects to ec2-54-84-125-129.compute-1.amazonaws.com (54.84.125.129:80)

TCP (HTTP SSL):

Connects to ec2-54-210-232-124.compute-1.amazonaws.com (54.210.232.124:443)

TCP (HTTP SSL):

Connects to ec2-52-21-46-54.compute-1.amazonaws.com (52.21.46.54:443)

TCP (HTTP SSL):

Connects to ec2-52-0-227-11.compute-1.amazonaws.com (52.0.227.11:443)

TCP (HTTP SSL):

Connects to ec2-34-199-99-97.compute-1.amazonaws.com (34.199.99.97:443)

TCP (HTTP):

Connects to cluster005.ovh.net (213.186.33.16:80)

Remove fvx.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.