» n19.exe
Overview
Analysis
File Details
Network (7)

n19.exe

The executable n19.exe has been detected as malware by 3 anti-virus scanners. While running, it connects to the Internet address stats.red.mysitehosted.com on port 80 using the HTTP protocol.

File name:

n19.exe

MD5:

e0ed98a4fd41172a21dfce2be612cb36

SHA-1:

d9bb851948d644efdad15c444555f729ebddc4d7

SHA-256:

cce4a2242b32d8b68f2448f9e3c795ab1fcaf305abd92a49ef20047ac64923e6

Scanner detections:

3 / 68

Status:

Malware

Analysis date:

11/23/2024 10:22:16 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Dropper-gen [Drp]

2014.9-140408

ESET NOD32

Win32/Kryptik.BZGH (variant)

8.9649

Kaspersky

Backdoor.Win32.Pushdo

14.0.0.4048

File size:

99.5 KB (101,888 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\n19.exe

File PE Metadata

Compilation timestamp:

12/13/2013 7:25:50 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.10

CTPH (ssdeep):

1536:3lpo++nZJDsK/6tT6imAfGynAl10YdbaPOa5+3:1a++nZj/6tT6i5vAl10YG5+3

Entry address:

0x19EF

Entry point:

E8, 73, 77, 00, 00, E9, 8C, FB, 00, 00, 56, 57, B8, 80, 6F, 41, 00, BF, 80, 6F, 41, 00, 3B, C7, 8B, F0, 73, 0F, 8B, 06, 85, C0, 74, 02, FF, D0, 83, C6, 04, 3B, F7, 72, F1, 5F, 5E, C3, FF, 15, B0, 50, 41, 00, C2, 04, 00, A1, F0, 93, 41, 00, 83, F8, FF, 74, 16, 50, FF, 35, 08, A4, 41, 00, E8, 19, 01, 01, 00, 59, FF, D0, 83, 0D, F0, 93, 41, 00, FF, A1, F4, 93, 41, 00, 83, F8, FF, 74, 0E, 50, FF, 15, B8, 50, 41, 00, 83, 0D, F4, 93, 41, 00, FF, E9, BB, 03, 00, 00, 56, E8, 2D, 02, 01, 00, 8B, F0, 85, F6, 75, 08... 
[+]

Entropy:

6.5164

Code size:

79 KB (80,896 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to url.hover.com (64.99.80.30:80)

TCP (HTTP):

Connects to unknown.scnet.net (204.93.213.45:80)

TCP (HTTP):

Connects to stats.red.mysitehosted.com (23.91.121.152:80)

TCP (HTTP):

Connects to static.115.86.76.144.clients.your-server.de (144.76.86.115:80)

TCP (HTTP):

Connects to p3pwssweb-v01.prod.phx3.secureserver.net (97.74.42.79:80)

TCP (HTTP):

Connects to host75-203-110-95.serverdedicati.aruba.it (95.110.203.75:80)

TCP (HTTP):

Connects to cluster015.ovh.net (213.186.33.3:80)

Remove n19.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.