hosts_anti-adware_main.exe

The executable hosts_anti-adware_main.exe ("HOSTS Anti-PUPs/Adwares", version 0.3.0.0) has been detected as malware by 10 of 68 anti-virus scanners. It is a setup program used to install the application. It is set to execute automatically whenever any user logs into Windows, through the machine-wide Run key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) under the value name 'HOSTS Anti-Adware_PUPs'. The file has been seen being downloaded from www.malekal.com. While running, it connects to toolslib.net (176.31.122.216) on TCP port 80 using HTTP. The file is UPX-packed, and three engines (AVG, Rising, Vba32) identify the payload as a compiled AutoIt script; most of the remaining detections are generic or heuristic names (UnclassifiedMalware, W32/Undefined.Threat, Win32.SuspectCrc, Artemis, Unnamed.Threat) rather than a named family, so the verdict should be confirmed by unpacking the file or observing its behaviour before it is acted on.
Description:
HOSTS Anti-PUPs/Adwares

Version:
0.3.0.0

MD5:
c1db9bdf885c2f1adc15264fbea2788f

SHA-1:
938a71b4134de7f37b125ac48eac18a8a1db4085

SHA-256:
7c31aa52942fc9a2774077d6a06419b9aeb495a1ed0eb9c6e147145b42b43880

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/26/2024 9:48:57 PM UTC

Scan engine          Detection                          Engine version
AVG                  Worm/Autoit                        2014.0.3622
Comodo Security      UnclassifiedMalware                17450
F-Prot               W32/Undefined.Threat               v6.4.7.1.166
IKARUS anti.virus    Win32.SuspectCrc                   t3scan.2.2.29
McAfee               Artemis!C1DB9BDF885C               5600.7278
MicroWorld eScan     Win32.SuspectCrc                   14.0.0.1056
Norman               BlacoleRef.Z                       11.20131218
Reason Heuristics    Unnamed.Threat.18                  14.3.1.10
Rising Antivirus     AU3SCRIPT:Malware.Banker!1.9DF6    23.00.65.131216
Vba32 AntiVirus      Trojan-Downloader.Autoit.gen       3.12.24.3

File size:
295.9 KB (302,961 bytes)

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\Program Files\hosts_anti_adwares_pups\hosts_anti-adware_main.exe

File PE Metadata
Compilation timestamp:
12/23/2011 11:59:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Lzv+kSZBbdH19ex4T02J4fqz22tvymTiB62iKnWKKmDTcNwjreORED:LzcRD02J4Sq2vHGB67KWKKmDFED

Entry address:
0xB2E60

Entry point:
60, BE, 00, 10, 47, 00, 8D, BE, 00, 00, F9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
268 KB (274,432 bytes)
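The entry-point bytes above are the standard UPX x86 stub (pushad; mov esi, imm32; lea edi, [esi+disp32]; push edi; jmp into the decompression loop), which is how the packer identification is reached. The following added example (not part of the report) parses the byte dump exactly as the page prints it, confirms the stub pattern and recovers the two operands: where the compressed data starts and where it is unpacked to. The image base of 0x400000 is an assumption, since the report does not list it.

```python
"""Recover the UPX stub operands from the entry-point byte dump in the report."""
import struct

# Entry-point bytes as the report prints them (a prefix is enough; the rest of
# the dump is the UPX NRV decompression loop).
REPORT_ENTRY_DUMP = (
    "60, BE, 00, 10, 47, 00, 8D, BE, 00, 00, F9, FF, 57, EB, 0B, 90, "
    "8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED"
)
REPORT_ENTRY_RVA = 0xB2E60
DEFAULT_IMAGE_BASE = 0x400000  # assumption: the report does not list the image base


def parse_byte_dump(dump: str) -> bytes:
    """Turn the report's 'AA, BB, CC' listing into raw bytes."""
    return bytes(int(tok, 16) for tok in dump.replace(",", " ").split())


def parse_upx_stub(code: bytes):
    """Match the classic UPX x86 entry stub and return (packed_src, unpack_dst).

        60              pushad
        BE imm32        mov  esi, <start of compressed data in UPX1>
        8D BE disp32    lea  edi, [esi + disp32]   ; disp32 is negative -> UPX0
        57              push edi                   ; kept for the final jump

    Returns None when the bytes are not this stub.
    """
    if len(code) < 13:
        return None
    if not (code[0] == 0x60 and code[1] == 0xBE
            and code[6:8] == b"\x8d\xbe" and code[12] == 0x57):
        return None
    src = struct.unpack_from("<I", code, 2)[0]
    disp = struct.unpack_from("<i", code, 8)[0]  # signed 32-bit displacement
    dst = (src + disp) & 0xFFFFFFFF
    return src, dst


def describe_stub(dump: str, entry_rva: int, image_base: int = DEFAULT_IMAGE_BASE) -> dict:
    """Summarise what the stub reveals about the packed layout."""
    operands = parse_upx_stub(parse_byte_dump(dump))
    if operands is None:
        return {"upx_stub": False}
    src, dst = operands
    entry_va = image_base + entry_rva
    return {
        "upx_stub": True,
        "compressed_data_va": src,
        "unpack_destination_va": dst,
        "unpacked_span": src - dst,  # size of the region UPX0 is unpacked into
        "entry_va": entry_va,
        # The stub lives in UPX1 behind the compressed blob, so the entry point
        # is expected to sit above the start of the compressed data.
        "stub_after_compressed_data": entry_va > src,
    }


if __name__ == "__main__":
    for key, val in describe_stub(REPORT_ENTRY_DUMP, REPORT_ENTRY_RVA).items():
        shown = hex(val) if isinstance(val, int) and not isinstance(val, bool) else val
        print(f"{key:28} {shown}")
```

For this sample the stub points at compressed data at 0x00471000 and unpacks it to 0x00401000, i.e. a 0x70000-byte unpacked region, while the entry point (0x4B2E60 under the assumed base) lies after the compressed data as expected for UPX. A dump that does not start with this sequence is either not UPX or uses a modified stub, which is itself worth noting.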

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HOSTS Anti-Adware_PUPs

Command:
C:\Program Files\hosts_anti_adwares_pups\hosts_anti-adware_main.exe


Distribution:
The file hosts_anti-adware_main.exe has been seen being downloaded from www.malekal.com.

Network communication:
The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to toolslib.net  (176.31.122.216:80)
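The indicators on this page (file hashes, the Run value name and path, and the remote host) are what a responder sweeps a host for. The following added example (not part of the report) bundles them into one checker: it compares a file's digests with the listed hashes, matches Run entries by value name or by the executable path inside the command (quoted paths and trailing arguments handled, case-insensitive), and matches observed connections by hostname or IP. The sample Run entries and connections are constructed test data; checking HKCU as well as HKLM is an addition for completeness, and the registry read only runs on Windows.

```python
"""Match host observations against the indicators listed in this report."""
import hashlib
import ntpath
import sys

IOC = {
    "md5": "c1db9bdf885c2f1adc15264fbea2788f",
    "sha1": "938a71b4134de7f37b125ac48eac18a8a1db4085",
    "sha256": "7c31aa52942fc9a2774077d6a06419b9aeb495a1ed0eb9c6e147145b42b43880",
    "run_value_name": "HOSTS Anti-Adware_PUPs",
    "path": r"C:\Program Files\hosts_anti_adwares_pups\hosts_anti-adware_main.exe",
    "hosts": {"toolslib.net"},
    "ips": {"176.31.122.216"},
}

# The report lists the HKLM key; HKCU is checked too (assumption, same value layout).
RUN_KEYS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]

# Constructed sample observations, not taken from a real host.
SAMPLE_RUN_ENTRIES = [
    ("HKLM", "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("HKLM", "HOSTS Anti-Adware_PUPs",
     r"C:\Program Files\hosts_anti_adwares_pups\hosts_anti-adware_main.exe"),
    ("HKCU", "Updater",
     r'"c:\program files\HOSTS_ANTI_ADWARES_PUPS\hosts_anti-adware_main.exe" /silent'),
]
SAMPLE_CONNECTIONS = [("toolslib.net", 80), ("176.31.122.216", 80),
                      ("update.microsoft.com", 443)]


def hash_matches(data: bytes) -> dict:
    """Compare a file's digests with the report; any True is a confirmed match."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {alg: digests[alg] == IOC[alg] for alg in digests}


def _exe_from_command(cmd: str) -> str:
    """Extract the executable from a Run command, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    i = cmd.lower().find(".exe")
    return cmd[: i + 4] if i != -1 else cmd


def match_run_entries(entries) -> list:
    """entries: (hive, value_name, command) tuples. Returns those matching the IOCs.

    Matches on the value name OR the executable path, so a renamed value still
    fires on the path and a moved binary still fires on the name.
    """
    want_name = IOC["run_value_name"].lower()
    want_path = ntpath.normcase(IOC["path"])  # lower-case, backslash-normalised
    return [(hive, name, cmd) for hive, name, cmd in entries
            if name.lower() == want_name
            or ntpath.normcase(_exe_from_command(cmd)) == want_path]


def match_connections(conns) -> list:
    """conns: (remote_host_or_ip, remote_port) tuples. Returns those matching the IOCs."""
    return [(host, port) for host, port in conns
            if host.lower() in IOC["hosts"] or host in IOC["ips"]]


def read_run_entries() -> list:
    """Enumerate both Run keys on a live Windows host; returns [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    out = []
    for hive, sub in RUN_KEYS:
        try:
            with winreg.OpenKey(hives[hive], sub) as key:
                i = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, i)
                    except OSError:
                        break
                    out.append((hive, name, str(value)))
                    i += 1
        except OSError:
            continue
    return out


if __name__ == "__main__":
    entries = read_run_entries() or SAMPLE_RUN_ENTRIES
    for hit in match_run_entries(entries):
        print("Run key hit:", hit)
    for hit in match_connections(SAMPLE_CONNECTIONS):
        print("Network hit:", hit)
```

A Run-key or network hit alone identifies a candidate; only a hash match confirms it is this exact build, since the application is versioned and other builds will hash differently.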

Powered by Reason Core Security