msn.exe

The executable msn.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘apo5’.

MD5:
d3bae29754133ca734e23e4f82277185

SHA-1:
61976fe4def018766b9a005671dd5a76a68c0c6f

SHA-256:
2faea7d956b8bc8d344e67f0ced3d9ce6e180d250eb01927a46f8ced820ec377

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
1/13/2025 4:27:33 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Worm.Macoute (H)

Engine version:
17.2.24.14

File size:
513 KB (525,312 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
8/21/2004 12:22:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.20

Entry address:
0x12C0

Entry point:
C6, C6, CC, 8D, 35, A2, FE, 02, CC, 69, D3, 9F, 8C, E4, 6B, 84, C6, 85, CB, FF, C9, 76, 02, FE, CE, 1A, EC, 80, E1, 71, F2, 21, F9, BF, EB, 10, 20, 23, EB, 04, 4D, 0F, B6, FA, F6, C7, 60, 8D, 3D, 33, 13, D2, 7A, 0B, FF, 51, 5F, 6B, D2, 00, 8B, D7, 85, F7, 85, E8, 8B, EA, 85, D8, 76, 03, 0F, AF, F8, FE, CE, 47, 8A, F4, 8D, 4D, 00, 81, FD, 87, D6, 00, 00, 71, 03, 0F, AF, F8, 81, FB, 84, D0, 00, 00, 77, 0A, 8A, F3, 69, F9, 5E, A5, 6A, B8, FE, CE, 51, 74, 01, 4D, 5E, FF, CF, 29, EA, FF, CD, 85, D0, 78, 05, 0F...
 

Code size:
232 KB (237,568 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
apo5

Command:
C:\win\msn.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 93-89-224-9.fbs.com.tr  (93.89.224.9:80)

TCP (HTTP):
Connects to mailserver40.mylittledatacenter.com  (144.76.167.153:80)

TCP (HTTP):
Connects to HDRedirect-LB3-890977680.us-east-1.elb.amazonaws.com  (68.168.222.206:80)

TCP (HTTP):
Connects to 210.151.74.137.fr.axspace.com  (137.74.151.210:80)
