newhax v8.1.exe

The executable newhax v8.1.exe has been detected as malware by 29 anti-virus scanners. While running, it connects to the Internet address 2ip.ru on port 443.
Publisher:
Our Corporation

Product:
YourProd

Description:
YourTitle

Version:
1.0.0.0

MD5:
91ec516e390fd717855d66b628ed643c

SHA-1:
0cf4a85114f73582e7100cd34dfae38366f7c471

SHA-256:
95eb90e10f603818f31d816e769a625c012eea27939f2600450368bccf469f46

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
12/27/2024 12:54:29 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Razy.21913 | 269 |
| AegisLab AV Signature | Troj.W32.Gen.m5H0 | 2.1.4+ |
| Avira AntiVirus | TR/Spy.OnlGames.pmkc | 8.3.3.4 |
| Arcabit | Trojan.Razy.D5599 | 1.0.0.672 |
| avast! | Win32:Malware-gen | 2014.9-160510 |
| AVG | Atros3 | 2017.0.2747 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.16510 |
| Bitdefender | Gen:Variant.Razy.21913 | 1.0.20.655 |
| Dr.Web | Trojan.PWS.Steam.10693 | 9.0.1.0131 |
| Emsisoft Anti-Malware | Gen:Variant.Razy.21913 | 8.16.05.10.02 |
| ESET NOD32 | MSIL/Stimilik.IW | 10.13442 |
| Fortinet FortiGate | W32/Staem.IW!tr.pws | 5/10/2016 |
| F-Secure | Gen:Variant.Razy.21913 | 11.2016-10-05_3 |
| G Data | Gen:Variant.Razy.21913 | 16.5.25 |
| IKARUS anti.virus | Trojan-PSW.Win32.Staem | t3scan.2.0.9.0 |
| K7 AntiVirus | Trojan | 13.224.19517 |
| Kaspersky | Trojan-PSW.Win32.Staem | 14.0.0.232 |
| McAfee | RDN/Generic PWS.y | 5600.6403 |
| Microsoft Security Essentials | PWS:Win32/Stimilina.C!bit | 1.1.12706.0 |
| MicroWorld eScan | Gen:Variant.Razy.21913 | 17.0.0.393 |
| NANO AntiVirus | Trojan.Win32.Staem.ebulhk | 1.0.30.8213 |
| Panda Antivirus | Trj/GdSda.A | 16.05.10.02 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120 |
| Quick Heal | TrojanPWS.Stimilina.r3 | 5.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R011C0DDI16 | 10.465.10 |
| Vba32 AntiVirus | TrojanPSW.Staem | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 49154 |
| Zillya! Antivirus | Trojan.Staem.Win32.1594 | 2.0.0.2842 |

File size:
349.5 KB (357,888 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Trademarks:
OMG

Original file name:
Steam.exe

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
4/16/2016 9:08:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:SyaSPVGpRZ6PoDakC80D8lxxrX0B/AX3DfaR/7gMlqZBEBoK2oSeXdai4jh3Qb7:DM4PoDw80DAXyKTfaR/R6I

Entry address:
0x57E2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
344 KB (352,256 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 2ip.ru  (178.63.151.224:80)
