huawei-modem-code-witer-exe.exe

asiftcn:

The executable huawei-modem-code-witer-exe.exe has been detected as malware by 4 anti-virus scanners. The file has been seen being downloaded from download1257.mediafire.com.
Product:
asiftcn:

Version:
0.0.0.3

MD5:
cb50a7877a15b248847d41272e9b0486

SHA-1:
745b67662c4d19568e22c18ed29c375209e8baa8

SHA-256:
8d6766f4ac4073dc538427bc51ac290655956db803e26c0133c4892e5bdac892

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/5/2024 4:47:15 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Virut-AOZ | 160414-2 |
| AVG | Win32/Virut | 2015.0.4591 |
| ESET NOD32 | Win32/Virut.NBP virus | 8.0.319.0 |
| F-Prot | W32/Virut.AI!Generic | 4.6.5.141 |

File size:
1.3 MB (1,393,591 bytes)

Product version:
1.0.0.0

Copyright:
1

File type:
Executable application (Win32 EXE)

Language:
Hungarian (Hungary)

Common path:
C:\users\{user}\downloads\huawei-modem-code-witer-exe.exe

File PE Metadata
Compilation timestamp:
5/25/1998 6:58:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:J2/pOVM8OWDAFhN82x6b15mCPzcXFrTaR+D:8/V1UjXPzYrTaED

Entry address:
0x10CEA4

Entry point:
55, 8B, EC, 83, C4, F0, B8, 14, CA, 50, 00, E8, 28, 97, EF, FF, A1, A4, 1D, 51, 00, 8B, 00, E8, E8, 9E, F5, FF, A1, A4, 1D, 51, 00, 8B, 00, BA, 04, CF, 50, 00, E8, CF, 9A, F5, FF, 8B, 0D, 18, 1F, 51, 00, A1, A4, 1D, 51, 00, 8B, 00, 8B, 15, 1C, 98, 50, 00, E8, D7, 9E, F5, FF, A1, A4, 1D, 51, 00, 8B, 00, E8, 4B, 9F, F5, FF, E8, 8E, 72, EF, FF, 00, 00, FF, FF, FF, FF, 13, 00, 00, 00, 48, 75, 61, 77, 65, 69, 4D, 6F, 64, 65, 6D, 55, 6E, 6C, 6F, 63, 6B, 65, 72, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.7069

Developed / compiled with:
Microsoft Visual C++

Code size:
1 MB (1,097,728 bytes)

The file huawei-modem-code-witer-exe.exe has been seen being distributed by the following URL.
