n.exe

Adobe Flash Player

The application n.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, and to steal your sensitive information. The file has been seen being downloaded from reggiemenacherry.in.
Product:
Adobe Flash Player

Version:
1.0.0.0

MD5:
9a98d3a340d3f58890fdcf8d18705f25

SHA-1:
8f94bda928a91b2221a1eab5adcc9336163ab4f9

SHA-256:
8031e384c3b7a6cb0ddce80fd3b649b270909c64656d0b057cc8da2e9795b73a

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:46:30 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Heur.MSIL.Androm.9 | 257 |
| Avira AntiVirus | TR/Kryptik.clfug | 8.3.2.4 |
| Arcabit | Trojan.MSIL.Androm.9 | 1.0.0.629 |
| avast! | MSIL:Downloader-LX [Trj] | 2014.9-160523 |
| AVG | ILCrypt | 2017.0.2735 |
| Baidu Antivirus | Adware.MSIL.iBryte | 4.0.3.16523 |
| Bitdefender | Gen:Heur.MSIL.Androm.9 | 1.0.20.720 |
| Dr.Web | BackDoor.Bladabindi.1702 | 9.0.1.0144 |
| Emsisoft Anti-Malware | Gen:Heur.MSIL.Androm | 8.16.05.23.04 |
| ESET NOD32 | MSIL/Kryptik.CRZ (variant) | 10.12734 |
| F-Secure | Gen:Heur.MSIL.Androm.9 | 11.2016-23-05_2 |
| G Data | Gen:Heur.MSIL.Androm | 16.5.25 |
| IKARUS anti.virus | Trojan.MSIL.Crypt | t3scan.1.9.5.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.169 |
| Malwarebytes | Backdoor.Bot | v2016.05.23.04 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.1.12300.0 |
| MicroWorld eScan | Gen:Heur.MSIL.Androm.9 | 17.0.0.432 |
| Qihoo 360 Security | QVM03.0.Malware.Gen | 1.0.0.1077 |
| Quick Heal | Backdoor.Fynloski.A3 | 5.16.14.00 |

File size:
121.5 KB (124,416 bytes)

Product version:
11,5,502,146

Copyright:
Adobe® Flash® Player. Copyright © 1996 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks

Original file name:
Adobe Flash Player .exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\n.exe

File PE Metadata
Compilation timestamp:
11/15/2015 12:24:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:Z+HIHW+oJreWl5pwh12hBjsVSwmRoCm5s3gP6i/Te+DzVtd3mNJtvKKd:ZtHXoJyWs125kMgP6gC+DzVthmNJT

Entry address:
0x1470E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.6773

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
74 KB (75,776 bytes)

The file n.exe has been seen being distributed by the following URL.
