list.exe

The executable list.exe has been detected as malware by 11 anti-virus scanners. While running, it connects to the Internet address hserv26.homehost.com.br on port 80 using the HTTP protocol.
MD5:
0ddd0f1d60950a16d28f11f865d0c78e

SHA-1:
120c75788f0595741317dd75a5885975ecd58d68

SHA-256:
f53b768a77bef8166730b5fb64e7555b92d32ebc3a30616b2f598aec999736c6

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
11/27/2024 3:56:38 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Malware-gen
160126-1

AVG
Win32/PolyCrypt
2015.0.4477

Dr.Web
Trojan.PWS.Banker1.19028
9.0.1.05190

Emsisoft Anti-Malware
Gen:Trojan.Heur.PT.okWabmpdZHlG
10.0.0.5366

ESET NOD32
Win32/Spy.Banker.ABZK trojan
7.0.302.0

F-Prot
W32/Bredolab.O.gen
4.6.5.141

F-Secure
Trojan.Heur.PT.okWabmpdZHlG
5.15.21

McAfee
Trojan.Artemis!0DDD0F1D6095
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.5542.0

Norman
Gen:Trojan.Heur.PT.okWabmpdZHlG
03.12.2014 13:20:04

VIPRE Antivirus
Threat.4727002
46938

File size:
2.2 MB (2,336,533 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\list.exe

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
49152:75cAv2waHzLFOvZ9KtgQlAF7XtS3DPyJTUbJfm+mPSbOlbMVEvV:KAv2zHzLF0KKRo3DPskm+mPSSl46

Entry address:
0xF47738

Entry point:
60, E8, 00, 00, 00, 00, 8B, 2C, 24, 83, C4, 04, 83, 7C, 24, 28, 01, 75, 0C, 8B, 44, 24, 24, 89, 85, D6, 05, 00, 00, EB, 0C, 8B, 85, D2, 05, 00, 00, 89, 85, D6, 05, 00, 00, E8, 4C, 01, 00, 00, 8D, B5, FE, 05, 00, 00, 8D, 9D, 85, 04, 00, 00, 33, FF, E8, 77, 01, 00, 00, EB, 1B, 8B, 85, D6, 05, 00, 00, FF, 74, 37, 04, 01, 04, 24, FF, 34, 37, 01, 04, 24, FF, D3, 83, C4, 08, 83, C7, 08, 83, 3C, 37, 00, 75, DF, 83, BD, E2, 05, 00, 00, 00, 74, 0E, 83, BD, E6, 05, 00, 00, 00, 74, 05, E8, 15, 02, 00, 00, 8D, 74, 37...
 
[+]

Packer / compiler:
ASPack v1.08.04

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to hserv26.homehost.com.br  (177.85.96.86:80)

Remove list.exe - Powered by Reason Core Security