MeGaHeRTZ.exe

MeGaHeRTZ PaTCHeR

MeGaHeRTZ TeaM

The executable MeGaHeRTZ.exe has been detected as malware by 16 anti-virus scanners. While running, it connects to the Internet address kickme.to on port 80 using the HTTP protocol.
Publisher:
MeGaHeRTZ TeaM

Product:
MeGaHeRTZ PaTCHeR

Version:
3.0

MD5:
ce0bee28c2164c69a1c669f4b3b23a38

SHA-1:
21911cf5298e8fec32eecb245a8a9f8404b6cdee

SHA-256:
e8e9c1832484759bce976680423d24cfa9a92a2ae2f1f5394cf049bc0df89fd8

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
12/26/2024 8:10:23 AM UTC

Scan engine                 Detection                           Engine version
Avira AntiVirus             HEUR/Malware                        7.11.171.170
avast!                      Win32:Malware-gen                   2014.9-140911
AVG                         HackTool                            2015.0.3355
Baidu Antivirus             Hacktool.Win32.Crack                4.0.3.14911
Bkav FE                     HW32.Paked                          1.3.0.4959
ESET NOD32                  Win32/HackTool.Crack.CO (variant)   8.10400
IKARUS anti.virus           HackTool.Crack.MhZ                  t3scan.1.7.8.0
Malwarebytes                Trojan.CallHome.Mhz                 v2014.09.11.10
McAfee                      RDN/Generic PUP.z!do                5600.7011
Norman                      Suspicious_Gen4.DAQUB               11.20140911
Panda Antivirus             Trj/OCJ.E                           14.09.11.10
Rising Antivirus            PE:Trojan.Injector!1.9DEE           23.00.65.14909
Sophos                      Generic PUA CB                      4.98
Trend Micro House Call      TROJ_GEN.R0C1H06F514                7.2.254
VIPRE Antivirus             Trojan.Win32.Generic                33012
ViRobot                     JS.A.Iframe.454656.D                2011.4.7.4223

File size:
444 KB (454,656 bytes)

Product version:
3.0

Copyright:
MeGaHeRTZ TeaM

Original file name:
MeGaHeRTZ.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\acoustica mixcraft 6\megahertz.exe

File PE Metadata
Compilation timestamp:
2/13/2013 7:57:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
12288:sae8vhMKIaGDGXWfFR5bBRv29DV6NsIlyG:HeShMJ6XWZ29UNsEv

Entry address:
0x14B2C0

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...

Entropy:
7.9558

Packer / compiler:
ASPack v1.08.04

Code size:
435 KB (445,440 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (SMTP):
Connects to vcs-s-m-yc.mail.vip.ir2.yahoo.com  (217.146.190.250:25)

TCP (HTTP):
Connects to ns261.altervista.org  (85.10.206.73:80)

TCP (HTTP):
Connects to kickme.to  (67.210.119.249:80)

Remove MeGaHeRTZ.exe - Powered by Reason Core Security