loadleader.exe

LoadLeader

The application loadleader.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. While running, it connects to the Internet address go.mail.ru on port 80 using the HTTP protocol.
Product:
LoadLeader

Version:
0.97

MD5:
3798cb337a7c803ac0812b5533fe702c

SHA-1:
e3748919c81c67c5ec6a8c43969e833b5ce7322b

SHA-256:
ccb79e1855e1dea595b73eb1541cabe613a581afe17591a3f0c30b4666a8e1c6

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 10:33:33 PM UTC

Scan engine        | Detection                                           | Engine version
Baidu Antivirus    | PUA.MSIL.Yelloader                                  | 4.0.3.15114
Dr.Web             | Trojan.Zadved.51                                    | 9.0.1.05190
ESET NOD32         | MSIL/Yelloader.A potentially unwanted application   | 7.0.302.0
IKARUS anti.virus  | PUA.MSIL.Yelloader                                  | t3scan.1.9.5.0

File size:
963.5 KB (986,624 bytes)

Product version:
0.97

Copyright:
Copyright © 2014

Original file name:
loadleader.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\loadleader\loadleader.exe

File PE Metadata
Compilation timestamp:
11/2/2015 2:04:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:2AmKd0eFbIT2spWTR02q6/wYihJCu0pLsnJ/JFX+1RuFgF:020exITql09kwLuudJtQF

Entry address:
0xEBF8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
936 KB (958,464 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to go.mail.ru  (217.69.139.51:80)

TCP (HTTP):
Connects to bpwnl  (31.204.155.162:80)

TCP (HTTP):
Connects to vz1.hostlife.net  (195.16.90.18:80)

TCP (HTTP):
Connects to u10048.col.agava.net  (89.108.119.46:80)

TCP (HTTP):
Connects to ip-static-94-242-203-101.server.lu  (94.242.203.101:80)

Remove loadleader.exe - Powered by Reason Core Security