guacuilanmog.exe

The executable guacuilanmog.exe has been detected as malware by 35 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘guacuilanmog’. While running, it connects to the Internet address medius.do.innovatif.com on port 80 using the HTTP protocol.
MD5:
697cc2762be510df5d7fa5ebaf219982

SHA-1:
98069b5f9429e51fe131d9266c12d4b429861456

SHA-256:
28af75404df50f861dd52c26ed8287da91acf00f62949b6e9faaf94f2886df92

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
12/24/2024 11:52:53 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.641950
430

Agnitum Outpost
Trojan.Agentb
7.1.1

AhnLab V3 Security
Trojan/Win32.Jorik
2015.10.26

Avira AntiVirus
TR/Crypt.XPACK.Gen
8.3.2.2

Arcabit
Trojan.Kazy.D9CB9E
1.0.0.585

avast!
Win32:Malware-gen
2014.9-151202

AVG
Agent
2016.0.2908

Baidu Antivirus
Trojan.Win32.Agentb
4.0.3.15122

Bitdefender
Gen:Variant.Kazy.641950
1.0.20.1680

Bkav FE
W32.BiscogerLTF.Trojan
1.3.0.7383

Comodo Security
UnclassifiedMalware
23473

Dr.Web
Trojan.MulDrop3.14959
9.0.1.0336

Emsisoft Anti-Malware
Gen:Variant.Kazy.641950
8.15.12.02.02

ESET NOD32
Win32/Kryptik.CJDR (variant)
9.12463

Fortinet FortiGate
W32/Kryptik.CJDR!tr
12/2/2015

F-Secure
Gen:Variant.Kazy.641950
11.2015-02-12_4

G Data
Gen:Variant.Kazy.641950
15.12.25

IKARUS anti.virus
Trojan.Win32.Agentb
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.212.17641

Kaspersky
Trojan.Win32.Agentb
14.0.0.1035

Malwarebytes
Trojan.Inject
v2015.12.02.02

McAfee
GenericR-DUP!697CC2762BE5
5600.6564

Microsoft Security Essentials
Trojan:Win32/Bagsu!rfn
1.1.12205.0

MicroWorld eScan
Gen:Variant.Kazy.641950
16.0.0.1008

NANO AntiVirus
Trojan.Win32.Agentb.dssjup
0.30.26.3947

Panda Antivirus
Trj/Genetic.gen
15.12.02.02

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
1.0.0.1015

Quick Heal
Trojan.Bagsu.r5
12.15.14.00

Rising Antivirus
PE:Malware.RDM.18!5.18[F1]
23.00.65.151130

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Dropper
9473

Trend Micro
TROJ_GEN.R0C1C0DGP15
10.465.02

Vba32 AntiVirus
Trojan.Agentb
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
44814

Zillya! Antivirus
Trojan.Agentb.Win32.11172
2.0.0.2472

File size:
74.3 KB (76,032 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\maryam\guacuilanmog.exe

File PE Metadata
Compilation timestamp:
1/3/2006 11:14:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
1536:CkZZxH5QRQH1txMPc9m+gmP2LEWGBzwfQ37GKmO:CK57H1tSPc9Dg42dczwfQ37GKz

Entry address:
0x1000

Entry point:
33, C9, 51, E8, E2, 02, 00, 00, 50, 8F, 05, 9D, 34, B2, 00, C7, 05, F1, 34, B2, 00, 30, 00, 00, 00, C7, 05, F5, 34, B2, 00, 03, 00, 00, 00, C7, 05, F9, 34, B2, 00, 2F, 11, B2, 00, C7, 05, FD, 34, B2, 00, 00, 00, 00, 00, C7, 05, 01, 35, B2, 00, 00, 00, 00, 00, FF, 35, 9D, 34, B2, 00, 8F, 05, 05, 35, B2, 00, C7, 05, 11, 35, B2, 00, 06, 00, 00, 00, C7, 05, 15, 35, B2, 00, 00, 00, 00, 00, C7, 05, 19, 35, B2, 00, 74, 12, B2, 00, 68, 00, 7F, 00, 00, 6A, 00, E8, 3D, 02, 00, 00, A3, 09, 35, B2, 00, A3, 1D, 35, B2...
 
[+]

Entropy:
5.8096

Code size:
1024 Bytes (1,024 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
guacuilanmog

Command:
C:\users\maryam\guacuilanmog.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to web2.connext.net  (96.91.204.114:80)

TCP (HTTP):
Connects to redirect-v225.secureserver.net  (184.168.47.225:80)

TCP (HTTP):
Connects to 62-210-140-158.rev.poneytelecom.eu  (62.210.140.158:80)

TCP (HTTP):
Connects to xaicom.net  (85.214.214.113:80)

TCP (HTTP):
Connects to server2016.italmarket.com  (95.141.36.94:80)

TCP (HTTP):
Connects to medius.do.innovatif.com  (198.211.123.23:80)

TCP (HTTP):
Connects to ht1.domain4all.nl  (178.250.193.121:80)

TCP (HTTP):
Connects to dgws16s26db.ispgateway.de  (80.67.28.73:80)

TCP (HTTP):
Connects to 66-232-103-8.static.hvvc.us  (66.232.103.8:80)

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.120:80)

TCP (HTTP):
Connects to ns69.kreativmedia.ch  (80.74.154.6:80)

TCP (HTTP):
Connects to blask.circulos.pl  (195.2.222.250:80)

TCP (HTTP):
Connects to 65.26.196.104.bc.googleusercontent.com  (104.196.26.65:80)

TCP (HTTP):
Connects to sv140.xserver.jp  (210.188.201.166:80)

TCP (HTTP):
Connects to myhost.net.pl  (195.149.225.101:80)

TCP (HTTP):
Connects to ip-50-63-46-84.ip.secureserver.net  (50.63.46.84:80)

TCP (HTTP):
Connects to cluster011.ovh.net  (213.186.33.40:80)

TCP (HTTP):
Connects to cluster005.ovh.net  (213.186.33.16:80)

TCP (HTTP):
Connects to satin.smoothhost.com  (50.97.65.91:80)

TCP (HTTP):
Connects to sinkhole-01.sinkhole.tech  (95.211.174.92:80)

Remove guacuilanmog.exe - Powered by Reason Core Security