label.exe

The executable label.exe has been detected as malware by 13 anti-virus scanners.
MD5:
14552300bf92b174f1423b73c3502cdf

SHA-1:
a37f9cbaf3da77668096d9395994254de03f5af3

SHA-256:
afb9519237a22805b44dbe030ac078138b4f1f595f1d6abcc580bf53d1125a1c

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
11/25/2024 9:32:37 AM UTC

Scan engine                    Detection                  Engine version

AegisLab AV Signature          Troj.Generic               2.1.4+
Avira AntiVirus                TR/ATRAPS.Gen              7.11.178.86
AVG                            Win32/DH                   2015.0.3319
Baidu Antivirus                Trojan.Win32.Agent         4.0.3.141117
ESET NOD32                     Win64/Asterope (variant)   8.10565
Fortinet FortiGate             W64/Asterope.A!tr          10/16/2014
Kaspersky                      Trojan.Win32.Agent         14.0.0.2931
Malwarebytes                   Trojan.Agent               v2014.10.16.12
Microsoft Security Essentials  Trojan:Win64/Ropest.G      1.11005
Norman                         Agent.BFGVY                11.20141016
Reason Heuristics              Threat.Win.Reputation.IMP  14.11.17.20
SUPERAntiSpyware               Trojan.Agent/Gen-Bancos    10231
VIPRE Antivirus                Trojan.Win32.Generic       34010

File size:
131.5 KB (134,656 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\ieupdate\label.exe

File PE Metadata
Compilation timestamp:
10/14/2004 1:49:27 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

CTPH (ssdeep):
3072:dLVvVBqQYhVchaDI4YtUJfSyF3gaPrBHUcf:dLt3q513JfSyF3HPnf

Entry address:
0x6BF0

Entry point:
48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 55, 48, 8D, AC, 24, 50, F8, FF, FF, 48, 81, EC, B0, 08, 00, 00, E8, 01, AB, FF, FF, E8, 44, F7, FF, FF, 84, C0, 0F, 84, F8, 02, 00, 00, 48, 8D, 95, 10, 06, 00, 00, B9, 02, 02, 00, 00, FF, 15, 1A, 3A, 01, 00, 85, C0, 0F, 85, DE, 02, 00, 00, 48, 8D, 0D, 8B, A7, 01, 00, 33, D2, E8, 5C, 55, 00, 00, 85, C0, 0F, 84, C8, 02, 00, 00, 48, 8D, 35, FD, A4, 01, 00, 41, B8, 04, 01, 00, 00, 33, C9, 48, 8B, D6, FF, 15, FC, 34, 01, 00, 48, 8B, CE, FF, 15, AB, 38, 01, 00, 48, 8D, 0D...

Entropy:
6.3936

Code size:
100 KB (102,400 bytes)

Scrnsave
Name:
label.exe

The executing file has been seen to make the following network communications in live environments.
