moses.exe

The application moses.exe has been detected as a potentially unwanted program by 18 anti-malware scanners.
MD5: 56c213a3ebd8fa648b62cfdeca1d0b2e
SHA-1: c502e804d0ea06047f820e3726bc822f6b516628
SHA-256: 9bc65f66eae1fc15fd1d756010b9a6fb3ba518b926aff46b350e75ecabc9065c
Scanner detections: 18 / 68
Status: Potentially unwanted
Analysis date: 12/28/2024 8:38:19 PM UTC

Scan engine             Detection                                                 Engine version
Agnitum Outpost         PUA.Toolbar.Linkury                                       7.1.1
Arcabit                 Adware.Agent.QBU                                          1.0.0.593
avast!                  Win32:Rootkit-gen [Rtk]                                   2014.9-151115
AVG                     Generic36                                                 2016.0.2925
Baidu Antivirus         Adware.Win32.Linkury                                      4.0.3.151115
Bitdefender             Adware.Agent.QBU                                          1.0.20.1595
Bkav FE                 W32.KryptikBublikAK.Trojan                                1.3.0.7383
Emsisoft Anti-Malware   Adware.Agent.QBU                                          8.15.11.15.10
ESET NOD32              Win32/Toolbar.Linkury.AC potentially unwanted (variant)   9.12568
F-Secure                Adware.Agent.QBU                                          11.2015-15-11_1
G Data                  Adware.Agent.QBU                                          15.11.25
K7 AntiVirus            Adware                                                    13.212.17856
Malwarebytes            PUP.Optional.Linkury                                      v2015.11.15.10
MicroWorld eScan        Adware.Agent.QBU                                          16.0.0.957
nProtect                Adware.Agent.QBU                                          15.11.13.01
Qihoo 360 Security      QVM10.1.Malware.Gen                                       1.0.0.1077
Reason Heuristics       Threat.Win.Reputation.IMP                                 15.11.15.10
VIPRE Antivirus         Trojan.Win32.Generic                                      45216

File size: 485.5 KB (497,152 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\moses.exe

File PE Metadata

Compilation timestamp: 11/15/2015 9:40:30 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 12.0
CTPH (ssdeep): 6144:kx7U8bW1mVSEWIMiraaZAkqDbyBclE0plWX1+j63t:ktBbs8paWAkqD6cy0LM+G3t
Entry address: 0x21724

Entry point:
E8, F8, B3, 00, 00, E9, 7F, FE, FF, FF, E8, C2, 66, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 0C, 1E, 45, 00, 74, 10, 8B, 0D, D0, 1E, 45, 00, 85, 4A, 70, 75, 05, E8, 04, 5D, 00, 00, 8B, 40, 04, C3, E8, 9C, 66, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 0C, 1E, 45, 00, 74, 10, 8B, 0D, D0, 1E, 45, 00, 85, 4A, 70, 75, 05, E8, DE, 5C, 00, 00, 05, A0, 00, 00, 00, C3, E8, 74, 66, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 0C, 1E, 45, 00, 74, 10, 8B, 0D, D0, 1E, 45, 00, 85, 4A, 70, 75, 05, E8, B6, 5C, 00, 00, 8B, 40, 74, C3, 55, 8B...
 

Code size: 223.5 KB (228,864 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to haproxy8.ca.servers.visadd.com (198.50.141.128:80)
TCP (HTTP): Connects to ec2-50-19-113-85.compute-1.amazonaws.com (50.19.113.85:80)
