hakim.exe

The executable hakim.exe has been detected as malware by 38 anti-virus scanners. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, and to steal sensitive information. The file has been seen being downloaded from www.exeupp.com.
MD5:
65e2514118d6bf29e45431ec9651856e

SHA-1:
0a9d6b8bc901fcbc003fec3bc73d89b9089e8f3b

SHA-256:
73f177936d7cff2e07256dbde369b496cc632cbc6c0db7254023c3f5b310ae2f

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
11/27/2024 8:40:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Zusy.75290 | 312 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Zbot.24064 | 2016.01.04 |
| Arcabit | Trojan.Zusy.D1261A | 1.0.0.637 |
| avast! | MSIL:Bladabindi-JK [Trj] | 2014.9-160329 |
| AVG | Win32/Hedo | 2017.0.2790 |
| Baidu Antivirus | Trojan.MSIL.Bladabindi | 4.0.3.16329 |
| Bitdefender | Gen:Variant.Zusy.75290 | 1.0.20.445 |
| Bkav FE | W32.TahoaxaK.Trojan | 1.3.0.7400 |
| Clam AntiVirus | Win.Backdoor.Bladabindi-1 | 0.98/21511 |
| Comodo Security | Backdoor.MSIL.Bladabindi.A | 23912 |
| Dr.Web | Trojan.DownLoader18.23009 | 9.0.1.089 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.75290 | 8.16.03.29.10 |
| ESET NOD32 | MSIL/Bladabindi.BC | 10.12804 |
| Fortinet FortiGate | MSIL/Agent.LI!tr | 3/29/2016 |
| F-Prot | W32/MSIL_Bladabind.I2.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Zusy.75290 | 11.2016-29-03_3 |
| G Data | Gen:Variant.Zusy.75290 | 16.3.25 |
| IKARUS anti.virus | Trojan.MSIL.Bladabindi | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18303 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.443 |
| Malwarebytes | Backdoor.NJRat | v2016.03.29.10 |
| McAfee | BackDoor-NJRat!65E2514118D6 | 5600.6446 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.Zusy.75290 | 17.0.0.267 |
| NANO AntiVirus | Trojan.Win32.Disfa.dtznyx | 1.0.14.5380 |
| nProtect | Trojan/W32.Agent.24064.UQ | 15.12.31.01 |
| Panda Antivirus | Generic Malware | 16.03.29.10 |
| Quick Heal | Backdoor.Bladabindi.AL3 | 3.16.14.00 |
| Rising Antivirus | PE:Backdoor.MSIL.Bladabindi!1.9E49 [F] | 23.00.65.16327 |
| Sophos | Troj/DotNet-P | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Bladabindi | 9236 |
| Total Defense | Win32/DotNetDl.A!generic | 37.1.62.1 |
| Trend Micro House Call | BKDR_BLADABI.SMC | 7.2.89 |
| Trend Micro | BKDR_BLADABI.SMC | 10.465.29 |
| Vba32 AntiVirus | Trojan.MSIL.Disfa | 3.12.26.4 |
| VIPRE Antivirus | Backdoor.MSIL.Bladabindi.a | 46230 |
| Zillya! Antivirus | Trojan.Disfa.Win32.27264 | 2.0.0.2591 |

File size:
23.5 KB (24,064 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\hakim.exe

File PE Metadata
Compilation timestamp:
12/28/2015 12:46:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:tsqS+ER6vRKXGYKRWVSujUtX9w6Dglo61Z5DVmRvR6JZlbw8hqIusZzZlMB:Wf65K2Yf1jKRpcnu4s

Entry address:
0x747E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.5210

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
21.5 KB (22,016 bytes)

The file hakim.exe has been seen being distributed by the following URL.
