huesgan.exe

Maskiseft Visaal Studio 2010

Maskiseft Corporatien

The executable huesgan.exe, “Maskiseft Visaal Studie 2010”, has been detected as malware by 26 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Maskiseft Corporatien

Product:
Maskiseft® Visaal Studio® 2010

Description:
Maskiseft Visaal Studie 2010

Version:
1.9.43074.5121 built by: SP1Rel

MD5:
6763bcac1b986160956f8cf51a740ec4

SHA-1:
5e1b82c6238266c395cedcf4b59256667398b0a4

SHA-256:
45a8bdae5139120d930d8b19d7ab20251aba0057a90ca57fdfb538b49a1b3e05

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
11/25/2024 7:45:27 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.430690 | 899 |
| Agnitum Outpost | Trojan.KillProc | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Necurs | 2014.08.20 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172 |
| avast! | Win32:Trojan-gen | 140813-1 |
| AVG | Trojan horse SHeur4.CAIC | 2014.0.4007 |
| Bitdefender | Gen:Variant.Kazy.430690 | 1.0.20.1155 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Dr.Web | Trojan.KillProc.32415 | 9.0.1.05190 |
| ESET NOD32 | Win32/Kryptik.CIQR trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/Kryptik.CHDI!tr | 8/19/2014 |
| F-Prot | W32/A-ba027243 | v6.4.7.1.166 |
| G Data | Gen:Variant.Kazy.430690 | 14.8.24 |
| K7 AntiVirus | Trojan | 13.183.13098 |
| Malwarebytes | Trojan.Zbot.gen | v2014.08.19.05 |
| McAfee | PWSZbot-FABW!6763BCAC1B98 | 5600.7033 |
| Microsoft Security Essentials | Threat.Undefined | 1.181.75.0 |
| MicroWorld eScan | Gen:Variant.Kazy.430690 | 15.0.0.693 |
| NANO AntiVirus | Trojan.Win32.KillProc.ddtlcg | 0.28.2.61721 |
| Panda Antivirus | Trj/Genetic.gen | 14.08.19.05 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14817 |
| Sophos | Troj/Agent-AIIM | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FalComp | 10412 |
| Total Defense | Win32/Zbot.fXWIRPC | 37.0.11130 |
| VIPRE Antivirus | Threat.4371328 | 32210 |

File size:
299.6 KB (306,819 bytes)

Product version:
1.9.43074.5121

Copyright:
© Maskiseft Corporatien. All rights reserved.

Original file name:
divonv.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\enoqurg\huesgan.exe

File PE Metadata
Compilation timestamp:
3/27/2010 9:51:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:edEHBphyq9brO9zMZMg34krdwJgefjISZgb+1:edevQqBwg3ICwYb+1

Entry address:
0xC980

Entry point:
55, 8B, EC, 81, EC, 04, 01, 00, 00, B8, 6D, 00, 00, 00, 89, 85, 2C, FF, FF, FF, 53, 6A, B5, 50, 6A, C9, 50, E8, 21, 1E, 00, 00, 83, C4, 10, 56, 8B, 95, 2C, FF, FF, FF, 89, 95, 2C, FF, FF, FF, 57, 33, D0, 3B, C2, 75, 06, 89, 95, 2C, FF, FF, FF, 8B, B5, 2C, FF, FF, FF, 83, C6, D6, 89, B5, 2C, FF, FF, FF, 6A, 00, 6A, 00, 68, 8E, 00, 00, 00, 68, 98, CA, 42, 00, FF, 15, 2C, 4E, 42, 00, 2D, 00, 48, 80, 2A, 89, 85, 2C, FF, FF, FF, 8D, 85, 44, FF, FF, FF, 50, FF, 15, 34, 4E, 42, 00, 83, F0, 83, 89, 85, 2C, FF, FF...

Entropy:
7.8301

Developed / compiled with:
Microsoft Visual C++

Code size:
138.5 KB (141,824 bytes)

Scheduled Task
Task name:
Security Center Update - 796242747

Trigger:
Daily (Runs daily at 2:00 PM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin


The executing file has been seen to make the following network communications in live environments.

| Protocol | Connects to | Address |
|---|---|---|
| TCP (HTTP) | video.dc6.vcmedia.com | 8.18.45.89:80 |
| TCP (HTTP) | server-205-251-253-7.ind6.r.cloudfront.net | 205.251.253.7:80 |
| TCP (HTTP) | server-205-251-253-139.ind6.r.cloudfront.net | 205.251.253.139:80 |
| TCP (HTTP) | server-205-251-253-134.ind6.r.cloudfront.net | 205.251.253.134:80 |
| TCP (HTTP) | ord08s12-in-f13.1e100.net | 74.125.225.13:80 |
| TCP (HTTP) | ord08s11-in-f28.1e100.net | 173.194.46.92:80 |
| TCP (HTTP) | ord08s11-in-f25.1e100.net | 173.194.46.89:80 |
| TCP (HTTP) | ord08s09-in-f25.1e100.net | 74.125.225.153:80 |
| TCP (HTTP) | media.dc6.vcmedia.com | 8.18.45.90:80 |
| TCP (HTTP) | ib-in-f100.1e100.net | 74.125.192.100:80 |
| TCP (HTTP SSL) | iad23s08-in-f6.1e100.net | 74.125.228.102:443 |
| TCP (HTTP) | ec2-54-243-195-99.compute-1.amazonaws.com | 54.243.195.99:80 |
| TCP (HTTP) | ec2-54-235-144-227.compute-1.amazonaws.com | 54.235.144.227:80 |
| TCP (HTTP) | ec2-54-191-228-191.us-west-2.compute.amazonaws.com | 54.191.228.191:80 |
| TCP (HTTP) | ec2-50-17-226-121.compute-1.amazonaws.com | 50.17.226.121:80 |
| TCP (HTTP) | ec2-184-73-204-142.compute-1.amazonaws.com | 184.73.204.142:80 |
| TCP (HTTP) | ec2-174-129-246-1.compute-1.amazonaws.com | 174.129.246.1:80 |
| TCP (HTTP) | ec2-107-22-194-28.compute-1.amazonaws.com | 107.22.194.28:80 |
| TCP (HTTP) | ec2-107-21-217-149.compute-1.amazonaws.com | 107.21.217.149:80 |
| TCP (HTTP) | ec2-107-20-167-234.compute-1.amazonaws.com | 107.20.167.234:80 |

Remove huesgan.exe - Powered by Reason Core Security