kb07410890.exe

How it happens

The executable kb07410890.exe has been detected as malware by 2 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘lja7shayne10’. While running, it connects to the Internet address mx1.hotmail.com on port 25.
Publisher:
How it happens

Product:
How it happens

Version:
5.0.0.5

MD5:
d5e39d59598b81f40c0890971229690d

SHA-1:
862530219031b19b2c82cea8c1047f8d4e6b69e6

SHA-256:
3031c9ac60dfda11ca307669c258ff0dde3d970f13774a9783d65cd870e82b69

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
12/26/2024 2:43:00 PM UTC

Scan engine                     Detection                  Engine version
Microsoft Security Essentials   Trojan:Win32/Peals.B!cl    1.233.4265.0
Reason Heuristics               Threat.Generic             17.1.10.11

File size:
138 KB (141,312 bytes)

Product version:
5.0.0.5

Copyright:
Copyright © 2007-2014 How it happens

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\kb07410890.exe

File PE Metadata
Compilation timestamp:
1/10/2017 3:42:12 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x3685


Entropy:
6.5705

Code size:
69.5 KB (71,168 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
lja7shayne10

Command:
C:\recycler\{random}\lja7shayne10.exe
The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to customer.worldstream.nl  (217.23.14.123:5500)

TCP (SMTP):
Connects to mx1.hotmail.com  (65.55.92.168:25)

TCP (SMTP):
Connects to smtp.aliceposta.it  (82.57.200.133:25)

TCP (SMTP):
Connects to mta-v4.mail.vip.gq1.yahoo.com  (98.136.217.203:25)

TCP (SMTP):
Connects to mta-v3.mail.vip.gq1.yahoo.com  (98.136.217.202:25)

TCP (SMTP):
Connects to mta-v2.mail.vip.bf1.yahoo.com  (66.196.118.34:25)

TCP (SMTP):
Connects to mta-v1.mail.vip.gq1.yahoo.com  (98.136.216.26:25)

TCP:
Connects to mail.uk2.net.cust.a.hostedemail.com  (216.40.42.137:587)

Remove kb07410890.exe - Powered by Reason Core Security