home

jghdalxw.exe

The executable jghdalxw.exe has been detected as malware by 1 anti-virus scanner.
MD5:
5c24ba6173ec90370c4380fc0bdf6733

SHA-1:
50c4d2c81c34885891f707c72c993d25725d9534

SHA-256:
bb6ee34d96800ae5eac84ed47c40c51608990b07ba39be6738a31c3396857b66

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/24/2024 5:08:27 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Trojan.Proxy
17.1.31.22

File size:
392.5 KB (401,920 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\احمد\jghdalxw.exe

File PE Metadata
Compilation timestamp:
9/20/1998 12:51:40 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x86C0

Entry point:
89, DA, 52, 02, DE, FF, C3, FF, C5, 69, DB, A1, 91, 92, C7, BA, 36, 3E, 25, F0, 0F, AF, FE, 76, 06, 87, CB, B5, 75, 8B, CD, FE, C7, 0F, B7, DD, 3B, C5, 87, E8, 80, D4, FF, 84, FB, FE, CC, 0F, AF, F2, 87, DD, 69, D7, 62, 22, 3C, B8, 8A, DE, E8, 2C, 00, 00, 00, B9, AD, DD, AE, E9, 85, CD, 77, 06, 81, F3, 16, AB, D7, 36, 69, DB, F8, 87, 75, ED, 69, DE, E3, A8, 24, CF, 11, EB, 8B, F2, 8A, E2, 47, 88, D3, 0F, AF, D7, 87, DA, 2B, EE, F3, 80, C6, E5, 69, CB, ED, B8, 3C, 99, 0A, F9, 85, F6, 71, 07, 0F, BE, F9, FE...
 
[+]

Entropy:
7.0641

Code size:
91.5 KB (93,696 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to win15.securedc.com  (64.8.117.67:80)

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.122:80)

TCP (HTTP):
Connects to hostedc76.carrierzone.com  (69.49.115.40:80)

TCP (HTTP):
Connects to host176.b5.trdns.com  (77.245.148.176:80)

TCP (HTTP):
Connects to HDRedirect-LB3-890977680.us-east-1.elb.amazonaws.com  (68.168.222.206:80)

TCP (HTTP):
Connects to ec2-54-251-109-4.ap-southeast-1.compute.amazonaws.com  (54.251.109.4:80)

TCP (HTTP):
Connects to 161maklp3.guzel.net.tr  (31.192.214.161:80)

Remove jghdalxw.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.