load.exe

The executable load.exe has been detected as malware by 6 anti-virus scanners. This is a setup program used to install the application. The file has been observed being downloaded from exeupp.com and multiple other hosts.
MD5:
4630f8d43191b450a3e74fd6fb9c694a

SHA-1:
23331a95006f26bd7f02fbff91757163f3f47fb3

SHA-256:
441c554c659a7d677a204134ad99af7ea705a8e61a569d57b3629436679c3247

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/27/2024 10:28:33 PM UTC

Scan engine                     Detection                 Engine version
avast!                          Win32:Neurevt-J [Cryp]    160213-1
Dr.Web                          Trojan.Betabot.3          9.0.1.05190
ESET NOD32                      Win32/Neurevt.B trojan    7.0.302.0
Microsoft Security Essentials   Threat.Undefined          1.213.6208.0
Norman                          Gen:Variant.Tdss.27       03.12.2014 13:20:04
Sophos                          Virus 'Mal/Neurevt-A'     5.23

File size:
138 KB (141,312 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\load.exe

File PE Metadata
Compilation timestamp:
1/10/2014 7:46:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:r9NbgUdcs0wItGd1T4a1qzqL55YHpAndLQtTeghHqlhzyfkNgs5lqA:r7bgUdcseod1TqzxylQtMzyfGdl

Entry address:
0x120A

Entry point:
55, 8B, EC, 51, 64, A1, 30, 00, 00, 00, 53, 56, 85, C0, 74, 06, 80, 78, 02, 01, 74, 30, 83, 65, FC, 00, E8, FB, FD, FF, FF, 85, C0, 74, 23, 8D, 4D, FC, 51, 8B, F0, E8, FB, FE, FF, FF, 8B, D8, 59, 85, DB, 74, 11, E8, 54, FE, FF, FF, 85, C0, 74, 08, FF, 75, FC, E8, 99, 04, 00, 00, 6A, 00, FF, 15, 00, 20, 40, 00, CC, 55, 8B, EC, 8B, 48, 14, 8D, 51, FF, 89, 50, 14, 85, C9, 75, 23, 8B, 48, 04, 8D, 51, FF, 89, 50, 04, 85, C9, 75, 04, 33, C0, 5D, C3, 8B, 08, 0F, B6, 11, 41, 89, 50, 10, 89, 08, C7, 40, 14, 07, 00...
 

Entropy:
7.9134

Developed / compiled with:
Microsoft Visual C++

Code size:
2.5 KB (2,560 bytes)

The file load.exe has been seen being distributed by the following 2 URLs.
