mgani.exe

The executable mgani.exe, “Tolaracol Setup”, has been detected as malware by 5 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.hostingupdatecity.com.
Publisher:
Gesuk

Product:
Tolaracol

Description:
Tolaracol Setup

MD5:
39524ad2ab91c169dbfd286d9a43ef96

SHA-1:
d2438e333081e949923745d8dd928e20eab2905d

SHA-256:
a2e2224f7288e079c7cd8aeff241218f30f75bb86bb2c7e46dc5890d5afbaadd

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
1/13/2025 12:35:59 AM UTC

Scan engine                    | Detection               | Engine version
avast!                         | Win32:Kukacka           | 160518-2
AVG                            | Win32/Sality            | 2015.0.4591
ESET NOD32                     | Win32/Sality.NBA virus  | 8.0.319.0
F-Prot                         | W32/Sality.gen2         | 4.6.5.141
Microsoft Security Essentials  | Threat.Undefined        | 1.225.1506.0

File size:
1013.2 KB (1,037,536 bytes)

Product version:
5.7

Copyright:
Stub

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mgani.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:977lmSYN3NrOd0KGPeI5MHCHtwysk7A9AIZpulmYmdP1c33SjeP3:97ZOyqPTKCtZs0A9Al6dP1mSi/

Entry address:
0xAA98

Entry point:
60, 85, E9, 89, C6, 89, FB, 75, 08, C7, C0, 3D, BD, 7E, E9, 86, D6, 68, 11, 57, 3A, 00, 87, C0, 8A, F2, 29, EA, 84, E7, 2B, CD, 8A, F4, E8, 00, 00, 00, 00, 8B, C1, 1B, C9, F3, F3, F3, 69, C7, 73, F7, 06, 1C, 31, E9, 2C, EE, 57, 2A, EE, 0F, AF, CB, 5A, 87, F0, 20, ED, BD, 1D, 24, 01, 76, 0F, AF, CE, 48, 8A, C2, BF, 00, 00, 00, 00, 0F, BF, EE, 87, EE, 33, FA, FE, CD, F2, 4E, 33, DF, 2B, F0, 8B, EB, BD, 57, 01, 79, D6, 59, 81, FE, C0, 2F, 00, 00, 76, 01, 4D, 81, FD, 0E, FF, 00, 00, 70, 0B, 3B, FA, 0F, BF, E9...

Entropy:
7.9410 (probably packed)

Code size:
40.5 KB (41,472 bytes)

The file mgani.exe has been seen being distributed by the following URL.

Remove mgani.exe - Powered by Reason Core Security