m216.exe

The executable m216.exe has been detected as malware by 35 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘mucozumsophy’. While running, it connects to the Internet address server88-208-216-219.live-servers.net on port 80 using the HTTP protocol.
MD5: 6a0fe6c9334cd4da517d8d8d8b68db36
SHA-1: a69dab62046ed93372c238650579945de58ed3ba
SHA-256: d8f2ba2310d14d86a5feb8e30843466ab193eed895487c6ce972ed645c46321c

Scanner detections: 35 / 68
Status: Malware
Analysis date: 11/16/2024 3:45:17 PM UTC

Scan engine                   | Detection                                 | Engine version
------------------------------|-------------------------------------------|----------------
Lavasoft Ad-Aware             | Trojan.GenericKD.1569468                  | 907
Agnitum Outpost               | Backdoor.Pushdo                           | 7.1.1
AhnLab V3 Security            | Trojan/Win32.Zbot                         | 2014.08.05
Avira AntiVirus               | TR/Rogue.1569468                          | 7.11.165.44
avast!                        | Win32:Zbot-TCT [Trj]                      | 2014.9-140811
AVG                           | BackDoor.Generic18                        | 2015.0.3385
Baidu Antivirus               | Backdoor.Win32.Pushdo                     | 4.0.3.14811
Bitdefender                   | Trojan.GenericKD.1569468                  | 1.0.20.1115
Comodo Security               | TrojWare.Win32.Cutwail.CKB                | 19083
Dr.Web                        | BackDoor.Bulknet.1150                     | 9.0.1.0223
Emsisoft Anti-Malware         | Trojan.GenericKD.1569468                  | 8.14.08.11.02
ESET NOD32                    | Win32/Wigon.PH                            | 8.10202
Fortinet FortiGate            | W32/Wonton.AQ!tr                          | 8/11/2014
F-Secure                      | Trojan.GenericKD.1569468                  | 11.2014-11-08_2
G Data                        | Trojan.GenericKD.1569468                  | 14.8.24
IKARUS anti.virus             | Trojan-Downloader.Win32.Upatre            | t3scan.1.6.1.0
K7 AntiVirus                  | Trojan                                    | 13.182.12945
Kaspersky                     | HEUR:Trojan.Win32.Generic                 | 14.0.0.3422
Malwarebytes                  | Spyware.Zbot                              | v2014.08.11.02
McAfee                        | RDN/Generic BackDoor!xc                   | 5600.7041
Microsoft Security Essentials | TrojanDownloader:Win32/Cutwail            | 1.10802
MicroWorld eScan              | Trojan.GenericKD.1569468                  | 15.0.0.669
NANO AntiVirus                | Trojan.Win32.AXPA.cuaztt                  | 0.28.2.61349
nProtect                      | Backdoor/W32.Pushdo.99840                 | 14.08.04.01
Panda Antivirus               | Generic Malware                           | 14.08.11.02
Qihoo 360 Security            | Win32/Trojan.9dd                          | 1.0.0.1015
Quick Heal                    | TrojanDownloader.Cutwail.r4               | 8.14.14.00
Rising Antivirus              | PE:Trojan.Win32.Generic.1676121C!376836636 | 23.00.65.14809
Sophos                        | Troj/Zbot-HOH                             | 4.98
Trend Micro House Call        | TROJ_CUTWAIL.XYU                          | 7.2.223
Trend Micro                   | TROJ_CUTWAIL.XYU                          | 10.465.11
Vba32 AntiVirus               | Backdoor.Pushdo                           | 3.12.26.3
VIPRE Antivirus               | Trojan.Win32.Upatre.jr                    | 31918
ViRobot                       | Backdoor.Win32.A.Pushdo.99840             | 2011.4.7.4223
XVirus List                   | Win32.Detected                            | 2.8.11

File size: 97.5 KB (99,840 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\m216.exe

File PE Metadata

Compilation timestamp: 8/1/2011 2:19:10 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 1536:oTOyOvIW+je/FBXZ12z4j+niWehN/38kayqA5Aq+/YJs:oMvIW+jqFBXZEMjUmZGyq2Aq+
Entry address: 0x10B8
Entry point: E8, B9, EC, 00, 00, E9, 20, D7, 00, 00, E8, 4F, DD, 00, 00, FF, 74, 24, 04, E8, A6, DB, 00, 00, FF, 35, 20, 92, 41, 00, E8, 27, E5, 00, 00, 68, FF, 00, 00, 00, FF, D0, 83, C4, 0C, C3, 83, 3D, D0, AA, 41, 00, 00, 74, 1A, 68, D0, AA, 41, 00, E8, D9, F1, 00, 00, 85, C0, 59, 74, 0B, FF, 74, 24, 04, FF, 15, D0, AA, 41, 00, 59, E8, 32, F1, 00, 00, 68, 74, 51, 41, 00, 68, 60, 51, 41, 00, E8, 8E, D9, 00, 00, 85, C0, 59, 59, 75, 54, 56, 57, 68, 72, F5, 40, 00, E8, FF, F0, 00, 00, BE, 58, 51, 41, 00, 8B, C6, BF, 5C...

Code size: 77.5 KB (79,360 bytes)

Startup File (User Run)

Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: mucozumsophy
Command: C:\users\alex\mucozumsophy.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to server88-208-216-219.live-servers.net (88.208.216.219:80)
TCP (HTTP): Connects to lb07.virt.lolipop.jp (210.172.144.61:80)
TCP (HTTP): Connects to 193-36-43-104.webhostingireland.ie (193.36.43.104:80)

Remove m216.exe - Powered by Reason Core Security