mg8q2ydpqvxi.exe

TypoMan

The executable mg8q2ydpqvxi.exe has been detected as malware by 16 anti-virus scanners. It is a setup program used to install the application, and it has been seen being downloaded from csgoprizes.comxa.com.
Product: TypoMan
Version: 1.0.0.0
MD5: 5e2d94ca52caa51bf5d941e638ab96f9
SHA-1: 7b8a3c237d6b2c0e1ddbb15252041d5753d32c64
SHA-256: 016cd7047bbfa28ca338d1e7ba12e227b687ba0f4392d58b2ecab59b1296f0e5
Scanner detections: 16 / 68
Status: Malware
Analysis date: 11/16/2024 9:02:48 AM UTC

Scan engine             Detection                       Engine version
Arcabit                 Trojan.Zusy.D290B4              1.0.0.597
avast!                  Win32:Malware-gen               2014.9-160402
Baidu Antivirus         Trojan.MSIL.Injector            4.0.3.1642
Bitdefender             Gen:Variant.Zusy.168116         1.0.20.465
Dr.Web                  Trojan.DownLoader17.37494       9.0.1.093
Emsisoft Anti-Malware   Gen:Variant.Zusy.168116         8.16.04.02.03
ESET NOD32              MSIL/Injector.MPC (variant)     10.12581
Fortinet FortiGate      MSIL/Injector.MNB!tr            4/2/2016
F-Secure                Gen:Variant.Zusy.168116         11.2016-02-04_7
G Data                  Gen:Variant.Zusy.168116         16.4.25
Kaspersky               HEUR:Trojan.Win32.Generic       14.0.0.422
Malwarebytes            Backdoor.Agent.PDL              v2016.04.02.03
McAfee                  Artemis!5E2D94CA52CA            5600.6441
MicroWorld eScan        Gen:Variant.Zusy.168116         17.0.0.279
Qihoo 360 Security      QVM03.0.Malware.Gen             1.0.0.1077
SUPERAntiSpyware        Trojan.Agent/Gen-Injector       9228

File size: 526 KB (538,624 bytes)
Product version: 1.0.0.0
Copyright: Copyright © TypoMan 2015
Original file name: TypoMan.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\users\{user}\appdata\roaming\c1mtwe7btv0d93sa\mg8q2ydpqvxi.exe

File PE Metadata

Compilation timestamp: 10/28/2015 12:59:54 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 48.0
.NET CLR dependent: Yes
CTPH (ssdeep): 6144:EVZt6WeQsQqYRkVq/EAw8xrZWODZSkIh9qd7XzzL3k6jiC53QyAZOQc2AlqlHTmA:6tRebY/3xZLch8xw7yocyHA+cmcQpDk
Entry address: 0x84DBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00...

Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 523.5 KB (536,064 bytes)

The file mg8q2ydpqvxi.exe has been seen being distributed by the following URL.

Remove mg8q2ydpqvxi.exe - Powered by Reason Core Security