moderator hack.exe

It runs as a Windows service in its own process, under the display name “McAfee Application Installer Cleanup (0108021451052136)”. The file has been seen being downloaded from mega.nz and from multiple other hosts.
MD5:
1ffdb4447b5457ca1d009be767d6aa45

SHA-1:
b3b4c00554be9d7d434c4d9030c2e56706e24055

SHA-256:
4734522a3b7381a28594a9b8638a144477d0a25639ba11f5f291e9e304f3b19c

Scanner detections:
3 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
11/5/2024 5:40:21 AM UTC

Scan engine           Detection                   Engine version
Avira AntiVirus       TR/Dropper.Gen              8.3.2.4
IKARUS anti.virus     Trojan.Dropper              t3scan.1.9.5.0
Qihoo 360 Security    HEUR/QVM01.1.Malware.Gen    1.0.0.1077

File size:
865.5 KB (886,272 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\moderator hack.exe

File PE Metadata
Compilation timestamp:
12/25/2015 9:52:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.22

CTPH (ssdeep):
12288:llQJMXifiVGOcRqjrHNz4hSbEJYUlm8qK0S:llQqXifiQOcRqjrHNzCSmYU3/H

Entry address:
0x1280

Entry point:
83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, EC, 72, 48, 00, E8, 6B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, EC, 72, 48, 00, E8, 4B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 14, 73, 48, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 08, 73, 48, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 8B, 0D, 54, 52, 47, 00, 85, C9, 74, 38, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 60, 47, 00, E8, C0, 05, 02, 00, 52, 85, C0, 74...

Entropy:
5.7343

Code size:
463 KB (474,112 bytes)

Service
Display name:
McAfee Application Installer Cleanup (0108021451052136)

Service name:
0108021451052136mcinstcleanup

Type:
Win32OwnProcess
The file moderator hack.exe has been seen being distributed by the following 2 URLs.

https://mega.nz/temporary/.../qYkGWYhY

Scan moderator hack.exe - Powered by Reason Core Security