» l0xyil.exe
Overview
Analysis
File Details

l0xyil.exe

ITEA LLC

The executable l0xyil.exe has been detected as malware by 10 anti-virus scanners.

File name:

l0xyil.exe

Publisher:

ITEA LLC (signed and verified)

MD5:

3ae8584ff75127d37f35675876920fd2

SHA-1:

739448062f84a22a5b9160c473d5c7d84a1241a2

SHA-256:

4539ba0fa9391eb75a8141a0a7ffdf606d863e0c62917a462b7d5c641617c682

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

11/15/2024 3:48:44 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Mabezat [Wrm]

160518-2

AVG

Win32/Mabezat

2015.0.4568

Dr.Web

Trojan.StartPage1.25621

9.0.1.05190

Emsisoft Anti-Malware

Win32.Worm.Mabezat.Gen

11.5.0.6191

ESET NOD32

Win32/Mabezat.A virus

7.0.302.0

F-Prot

W32/Mabezat.A-2

4.6.5.141

Kaspersky

Worm.Win32.Mabezat

15.0.0.562

McAfee

Virus.W32/Mabezat.a

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.223.654.0

Norman

Win32.Worm.Mabezat.Gen

19.05.2016 01:04:49

File size:

356.3 KB (364,855 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\hpdef\l0xyil.exe

Digital Signature

Signed by:

ITEA LLC

Authority:

COMODO CA Limited

Valid from:

2/18/2016 12:00:00 AM

Valid to:

2/17/2017 11:59:59 PM

Subject:

CN="""ITEA"" LLC", OU=IT, O="""ITEA"" LLC", STREET="prosp. Vyzvolyteliv, 5", L=Kiev, S=Kiev, PostalCode=02660, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

277A5AD5AF3F7ADB181C76A58924E916

File PE Metadata

Compilation timestamp:

3/9/2016 4:22:04 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

6144:vBnDWf2uZ2SOf5WV+CueyC7/3D+6ltJSTpoqf5nqewXwqqK/:JDC2uZ2SOf50+xC7/z+2JSTpo7XwvK/

Entry address:

0x13F8D

Entry point:

BB, 64, DB, 0F, 41, 93, E9, 20, 01, 00, 00, 16, BC, 1F, 1B, C7, 4B, 1F, 1B, 67, B4, A2, 9F, 9F, 1F, 9F, 9F, BB, 9F, 9F, 9F, FE, D0, D5, D0, CF, D0, D8, D6, D5, 9F, 9F, 9F, 13, 00, 19, 04, 01, 00, 0C, 00, CD, 03, 0B, 0B, 9F, 9F, 9F, 9F, FB, 9F, 9F, 9F, E5, 11, 04, 04, EB, 08, 01, 11, 00, 11, 18, 9F, E2, 11, 04, 00, 13, 04, E3, 08, 11, 04, 02, 13, 0E, 11, 18, E0, 9F, 9F, 9F, 9F, E6, 04, 13, F6, 08, 0D, 03, 0E, 16, 12, E3, 08, 11, 04, 02, 13, 0E, 11, 18, E0, 9F, 9F, 9F, 9F, E6, 04, 13, EC, 0E, 03, 14, 0B, 04... 
[+]

Code size:

136 KB (139,264 bytes)

Remove l0xyil.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.