k6zilh6uaw.exe

The executable k6zilh6uaw.exe has been detected as malware by 23 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from frux0cheats.com.
MD5: 48e46dc0fd3bb19bac37e0f1169be0bb

SHA-1: 09830e1566f155b9df1602a5c99c6c0cfe77f387

SHA-256: c9c6b622ceb7a7a54902a2c403e33055c14be6972c87d7dd90ce571b763bf2e4

Scanner detections: 23 / 68

Status: Malware

Analysis date: 12/29/2024 10:23:45 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.158120 | 324 |
| AegisLab AV Signature | Gen.Variant.Kazy!c | 2.1.4+ |
| Avira AntiVirus | TR/Black.Gen2 | 8.3.3.2 |
| Arcabit | Trojan.Kazy.D269A8 | 1.0.0.662 |
| avast! | Win32:Malware-gen | 2014.9-160316 |
| AVG | Win32/Blacked | 2017.0.2802 |
| Bitdefender | Gen:Variant.Kazy.158120 | 1.0.20.380 |
| Bkav FE | HW32.Packed | 1.3.0.7744 |
| Comodo Security | UnclassifiedMalware | 24559 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.158120 | 8.16.03.16.01 |
| ESET NOD32 | Win32/Packed.VMProtect.ABO (variant) | 10.13183 |
| Fortinet FortiGate | PossibleThreat | 3/16/2016 |
| F-Secure | Gen:Variant.Kazy.158120 | 11.2016-16-03_4 |
| G Data | Gen:Variant.Kazy.158120 | 16.3.25 |
| IKARUS anti.virus | Trojan.Win32.VMProtect | t3scan.2.0.9.0 |
| K7 AntiVirus | Trojan | 13.214.19012 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.507 |
| McAfee | Artemis!48E46DC0FD3B | 5600.6458 |
| MicroWorld eScan | Gen:Variant.Kazy.158120 | 17.0.0.228 |
| Qihoo 360 Security | HEUR/QVM16.0.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16314 |
| Sophos | Mal/VMProtBad-A | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 47904 |

File size: 4.9 MB (5,093,888 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\downloads\k6zilh6uaw.exe

File PE Metadata

Compilation timestamp: 3/10/2016 7:11:58 AM

OS version: 6.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 12.0

CTPH (ssdeep): 98304:rHNS83b5L48YVF64eUUplKuJg5K8S9lDe2zfvVIdKEaFWOtGME0GRrdrvMZ5y:rV3b5L4JVFRkqB5Kbi2zfCKB4OtGMvGi

Entry address: 0x95C80A

Entry point: 56, C7, 04, 24, C3, C5, 94, B0, E9, 61, 41, 00, 00, 4D, EE, C3, 38, 64, 12, 7E, 16, F1, 48, 8F, AD, 55, E1, 4C, F1, 4B, EC, 3A, 7C, 2D, 90, 28, 12, 3F, 79, 22, 98, 35, 04, 14, A3, E8, 50, F0, 4B, D9, FD, 04, EE, 48, 41, 1C, A0, 08, B1, E8, D1, F5, 46, 25, 97, 3C, 84, B2, 0A, 2F, 09, 14, 30, E4, 56, D3, AE, 8A, 7E, 3E, 2A, 7D, FC, 1C, D6, A6, B2, 27, DA, 4E, E5, 97, 97, 72, C6, F1, 47, AD, 71, 46, 7D, BF, 40, 40, 56, 59, 34, 83, 24, 14, 2C, D3, 69, 68, CE, AB, D0, EB, 51, 2C, 8B, D6, E1, F3, C7, 9E, 1E, D3...

Code size: 224 KB (229,376 bytes)

The file k6zilh6uaw.exe has been seen being distributed by the following URL.
