fx_loader.exe

ActTrader Technologies, Inc.

The executable fx_loader.exe has been detected as malware by 8 anti-virus scanners. While running, it connects to the Internet address real3.sysfx.net on port 8100.
Publisher:
ActTrader Technologies, Inc.  (signed and verified)

Version:
5.1.3.0

MD5:
1627795428219822bb1ae60865e93f67

SHA-1:
22ce2747b942cc4f0286928fcd804d61e15c1f07

SHA-256:
a27ef40a6de7fd6d2aa46f61ebd9a0437d937d0f134abbc31f3b2733bc7d5ab9

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
11/15/2024 2:36:44 AM UTC

Scan engine           Detection                   Engine version
AhnLab V3 Security    Win32/Kashu.E               2015.07.29
Avira AntiVirus       W32/Sality.AT               8.3.1.6
Baidu Antivirus       Virus.Win32.Sality.$Emu     4.0.3.15925
G Data                Win32.Sality                15.9.25
IKARUS anti.virus     Virus.Win32.Sality          t3scan.1.9.5.0
Panda Antivirus       W32/Sality.AA               15.09.25.07
Total Defense         Win32/Sality.AA             37.1.62.1
Vba32 AntiVirus       Virus.Win32.Sality.bakc     3.12.26.4

File size:
4.6 MB (4,870,688 bytes)

Product version:
5.*

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\avatrade\fx_loader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/20/2015 2:00:00 AM

Valid to:
5/20/2016 1:59:59 AM

Subject:
CN="ActTrader Technologies, Inc.", O="ActTrader Technologies, Inc.", STREET=30 Wall Str, STREET="#1205", L=New York, S=NY, PostalCode=10005, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B354BEF5077AE7E6ABAA5F5936917482

File PE Metadata
Compilation timestamp:
3/24/2015 4:27:26 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:27SQluUzJwxBkoiA737UJSVb8r1YZ8vLZW1zFo/nJFCq9saFvQWGz7m/89BT6TeU:27SQgUzJOk3r1YZMU12rNJp

Entry address:
0x38C150

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, E0, D4, 77, 00, E8, E5, FA, C7, FF, 33, C0, 55, 68, 24, C2, 78, 00, 64, FF, 30, 64, 89, 20, A1, 00, 33, 7A, 00, 8B, 00, E8, 57, D1, DE, FF, E8, 2A, A9, FE, FF, B2, 01, A1, E8, 3F, 62, 00, E8, C6, 81, E9, FF, 8B, 15, DC, 37, 7A, 00, 89, 02, 8B, 0D, A0, 31, 7A, 00, A1, 00, 33, 7A, 00, 8B, 00, 8B, 15, C8, 4E, 77, 00, E8, 3E, D1, DE, FF, 8B, 0D, AC, 37, 7A, 00, A1, 00, 33, 7A, 00, 8B, 00, 8B, 15, 60, E2, 75, 00, E8, 26, D1, DE, FF, 8B, 0D, 78, 34, 7A, 00, A1, 00, 33, 7A...
Developed / compiled with:
Microsoft Visual C++

Code size:
3.5 MB (3,713,536 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to real3.sysfx.net  (204.107.12.184:8100)

TCP:
Connects to live.other.sysfx.com  (204.107.12.140:9100)

Powered by Reason Core Security