fvx.exe

The executable fvx.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘FVX Start’.
MD5:
98f5641d36f24bac6e6ad45f293acfda

SHA-1:
ad35dbbaf93781e6b83b2312e794cca5ba66ad83

SHA-256:
66fc66af16f67c32deefe1e2815f5d1d605306469984040c32317b9d64f86192

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/25/2024 4:53:21 PM UTC

Scan engine:
Reason Heuristics

Detection:
KeyLogger.Ardamax

Engine version:
17.2.14.14

File size:
2.7 MB (2,825,216 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\srwhef\fvx.exe

File PE Metadata
Compilation timestamp:
1/20/2016 9:53:43 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x562DA

Entry point:
F6, C1, 42, F6, C2, B3, B7, A7, 0F, AF, C1, 19, D6, 81, FE, 5C, 6E, 00, 00, 74, 03, C6, C4, A0, 0F, AF, F9, C7, C0, E1, FF, 45, 64, F6, C7, AF, 8A, D2, FE, C7, 8A, FE, FE, C4, C7, C6, E8, A7, 37, 3B, 55, F7, C2, 6C, 6A, 4F, 94, 23, FE, FE, CC, 5D, 01, C8, 05, BC, 68, 0E, B5, 89, CE, C7, C0, D5, 8F, F7, A6, B9, 00, 00, 00, 00, 78, 04, 0F, B7, F0, F3, 8B, CD, 15, F9, 55, 9A, EE, 8D, 1D, ED, C2, C2, FA, 84, F1, F3, 8A, D5, 1D, E4, 3F, 8F, B9, 88, E0, 68, 22, 1E, DF, 00, C6, C4, 8B, 0F, BF, D8, E8, 00, 00, 00...

Entropy:
7.1350

Code size:
1.2 MB (1,246,720 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
FVX Start

Command:
C:\windows\srwhef\fvx.exe


The executing file has been seen to make the following network communications in live environments.


Remove fvx.exe - Powered by Reason Core Security