Havij.exe

Publisher:
ITSecTeam

Product:
Havij

Description:
Advanced SQL Injection Tool

Version:
1.152

MD5:
a4cdbacc00524e4268eb60882e93aba4

SHA-1:
0d8b275bd1856bc6563dd731956f3b312e1533cd

SHA-256:
7a3f9de797e0efb50921532405105f50de608ce723bac0b8a2e89c0e5af968f0

Scanner detections:
7 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/25/2024 2:49:02 PM UTC

Scan engine        Detection                          Engine version
AVG                Luhe.Fiha.A                        2015.0.3598
Bkav FE            W32.Clodc27.Trojan                 1.3.0.4613
McAfee             Artemis!A4CDBACC0052               5600.7254
Norman             Suspicious_Gen4.CIICC              11.20140110
Sophos             Mal/Generic-S                      4.96
VIPRE Antivirus    Trojan.Win32.Generic               25010
ViRobot            Trojan.Win32.A.NSAnti.1753088.B    2011.4.7.4223

File size:
1.7 MB (1,753,088 bytes)

Product version:
1.152

Copyright:
Copyright © 2009-2011

Trademarks:
ITSecTeam

Original file name:
Havij.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
8/8/2011 10:15:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:MQSIPkXkeqMU14TZ+qP9dDwuE+ClCYOa5QMcGdXlmlGmXE:fp8kzMUk+qP9dDwz+CUa2M3XlmlG

Entry address:
0x7A7C

Entry point:
68, 1C, 2C, 42, 00, E8, F0, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, FE, 72, AF, 9C, 57, C4, 7D, 45, 86, B8, 9E, BC, 0A, AF, AE, 3E, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 6C, 65, 3D, 4D, 73, 53, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 4D, 73, 53, 51, 4C, 42, 6C, 00, 6E, 64, 2E, 62, 61, 73, 0D, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 06, 00, 00, 00, AC, A6, 17, C8, 3B, FB, AD, 41, A6, B0, 03, CC, A3, 33, 86, BE, 01, 00, 00, 00, A0, 00, 00, 00...

Entropy:
5.8453

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
1.6 MB (1,708,032 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cluster002.ovh.net  (213.186.33.2:80)

TCP (HTTP):
Connects to website-iub.edu.pk  (121.52.159.157:80)

TCP (HTTP):
Connects to perfora.net  (74.208.215.233:80)

Scan Havij.exe - Powered by Reason Core Security