MSPHack.exe

MSPHack

The executable MSPHack.exe has been detected as malware by 23 anti-virus scanners.
Product:
MSPHack

Version:
1.0.0.0

MD5:
5eac5bdca1b84eb00d4ed983eaeae9a4

SHA-1:
92d696c9632a8866f17f284669d4564de3024a9f

SHA-256:
093ee850f921c918b50002764df828d7dd67ab9271dd1128a59a1b942ba3c3dc

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
12/24/2024 3:59:34 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.20019024
31

AegisLab AV Signature
Troj.W32.Generic!c
2.1.4+

AhnLab V3 Security
Trojan/Win32.Generic.C1708583
3.8.2.16

Avira AntiVirus
TR/Agent.aijzp
8.3.3.4

Arcabit
Trojan.Generic.D1317750
1.0.0.792

avast!
Win32:Malware-gen
2014.9-170103

Baidu Antivirus
Win32.Trojan.WisdomEyes.16070401.9500
4.0.3.1713

Bitdefender
Trojan.Generic.20019024
1.0.20.15

Emsisoft Anti-Malware
Trojan.Generic.20019024
8.17.01.03.12

Fortinet FortiGate
W32/Generic!tr
1/3/2017

F-Secure
Trojan.Generic.20019024
11.2017-03-01_3

G Data
Trojan.Generic.20019024
17.1.25

IKARUS anti.virus
Trojan.Agent
0.1.3.4

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.-958

McAfee
Artemis!5EAC5BDCA1B8
5600.6165

MicroWorld eScan
Trojan.Generic.20019024
18.0.0.9

Panda Antivirus
Trj/CI.A
17.01.03.12

Qihoo 360 Security
Win32/Trojan.fd7
1.0.0.1120

Rising Antivirus
Trojan.Generic!8.C3-Pw9c2iRaFwQ (cloud)
23.00.65.17101

Trend Micro House Call
TROJ_GEN.R08NC0ELH16
7.2.3

Trend Micro
TROJ_GEN.R08NC0ELH16
10.465.03

VIPRE Antivirus
Trojan.Win32.Generic
54626

ViRobot
Trojan.Win32.Z.Small.1161728[h]
2014.3.20.0

File size:
1.1 MB (1,161,728 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
MSPHack.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\jack30t, inc\mspsuite\msphack.exe

File PE Metadata
Compilation timestamp:
7/14/2012 12:47:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xCD2F

Entry point:
E8, E1, 5C, 00, 00, E9, A4, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 58, F0, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 00, B0, 41, 00, C9, C2, 08, 00, C3, B8, 63, 35, 41, 00, A3, E4, 28, 42, 00, C7, 05, E8, 28, 42, 00, 4A, 2C, 41, 00, C7, 05, EC, 28, 42, 00, FE, 2B, 41, 00, C7, 05, F0, 28, 42, 00, 37, 2C, 41, 00, C7...
 
[+]

Code size:
102 KB (104,448 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-229-9-166.eu-west-1.compute.amazonaws.com  (54.229.9.166:80)

TCP (HTTP):
Connects to ec2-52-18-190-181.eu-west-1.compute.amazonaws.com  (52.18.190.181:80)

TCP (HTTP):
Connects to ec2-34-251-76-5.eu-west-1.compute.amazonaws.com  (34.251.76.5:80)

TCP (HTTP):
Connects to ec2-52-18-79-199.eu-west-1.compute.amazonaws.com  (52.18.79.199:80)

TCP (HTTP):
Connects to ec2-54-171-40-113.eu-west-1.compute.amazonaws.com  (54.171.40.113:80)

TCP (HTTP):
Connects to server-54-230-202-156.fra50.r.cloudfront.net  (54.230.202.156:80)

TCP (HTTP):
Connects to ec2-54-77-183-35.eu-west-1.compute.amazonaws.com  (54.77.183.35:80)

TCP (HTTP):
Connects to server-54-230-78-211.cdg50.r.cloudfront.net  (54.230.78.211:80)

TCP (HTTP):
Connects to server-54-230-78-192.cdg50.r.cloudfront.net  (54.230.78.192:80)

TCP (HTTP):
Connects to server-54-230-78-178.cdg50.r.cloudfront.net  (54.230.78.178:80)

TCP (HTTP):
Connects to ec2-52-210-98-210.eu-west-1.compute.amazonaws.com  (52.210.98.210:80)

TCP (HTTP):
Connects to ec2-34-248-166-157.eu-west-1.compute.amazonaws.com  (34.248.166.157:80)

TCP (HTTP):
Connects to server-54-230-130-223.ams50.r.cloudfront.net  (54.230.130.223:80)

TCP (HTTP):
Connects to server-54-230-78-210.cdg50.r.cloudfront.net  (54.230.78.210:80)

TCP (HTTP):
Connects to server-54-192-44-84.fra6.r.cloudfront.net  (54.192.44.84:80)

TCP (HTTP):
Connects to ec2-52-50-12-231.eu-west-1.compute.amazonaws.com  (52.50.12.231:80)

TCP (HTTP):
Connects to server-54-230-78-213.cdg50.r.cloudfront.net  (54.230.78.213:80)

TCP (HTTP):
Connects to server-54-230-197-241.lhr50.r.cloudfront.net  (54.230.197.241:80)

TCP (HTTP):
Connects to server-54-192-44-44.fra6.r.cloudfront.net  (54.192.44.44:80)

TCP (HTTP):
Connects to server-54-192-44-179.fra6.r.cloudfront.net  (54.192.44.179:80)

Remove MSPHack.exe - Powered by Reason Core Security