perx.exe

x1nixmzeng

The application perx.exe has been detected as a potentially unwanted program by 37 anti-malware scanners. The file has been seen being downloaded from mega.nz and multiple other hosts.
Publisher:
x1nixmzeng

Description:
x1nject

Version:
1.0.0.0

MD5:
e974a7ed7fa0c096aa1f59ae6d8cce72

SHA-1:
24b215e712fa745ac94d033ee7c5a556a5df0dab

SHA-256:
d042a6add7b1547e5165d0c0c0f0eb21ee778b44c27e0a2bbce9f02b79156c0b

Scanner detections:
37 / 68

Status:
Potentially unwanted

Analysis date:
11/30/2024 3:26:26 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Agent.CZ | 1029 |
| Agnitum Outpost | Backdoor.Poison | 7.1.1 |
| AhnLab V3 Security | Backdoor/Win32.Poison | 14.04.11 |
| Avira AntiVirus | SPR/Tool.inj.268800 | 7.11.142.206 |
| avast! | Win32:Inject-AAR [PUP] | 2014.9-140411 |
| AVG | HackTool | 2015.0.3507 |
| Baidu Antivirus | Hacktool.Win32.GameHack | 4.0.3.14411 |
| Bitdefender | Application.Agent.CZ | 1.0.20.505 |
| Bkav FE | W32.Clod8ec.Trojan | 1.3.0.4959 |
| Comodo Security | ApplicUnwnt.Win32.ToolInj.2688000 | 18087 |
| Dr.Web | Tool.Inject.9 | 9.0.1.0101 |
| ESET NOD32 | Win32/HackTool.Inject (variant) | 8.9667 |
| Fortinet FortiGate | Riskware/X1nject | 4/11/2014 |
| F-Prot | W32/MalwareS.BACP | v6.4.7.1.166 |
| F-Secure | Hack-Tool:W32/Injector.D | 11.2014-11-04_6 |
| G Data | Application.Agent.CZ | 14.4.24 |
| IKARUS anti.virus | not-a-virus:RiskTool.Win32.Inject | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.176.11737 |
| Kaspersky | Trojan-Spy.Win32.ICQ | 14.0.0.4030 |
| Malwarebytes | HackTool.Agent | v2014.04.11.09 |
| McAfee | Generic BackDoor!bgb | 5600.7163 |
| Microsoft Security Essentials | HackTool:Win32/Injectxin | 1.10401 |
| MicroWorld eScan | Application.Agent.CZ | 15.0.0.303 |
| NANO AntiVirus | Trojan.Win32.Poison.bmhcw | 0.28.0.59048 |
| Norman | Suspicious_Gen2.CCX | 11.20140411 |
| nProtect | Trojan/W32.HackTool.268800 | 14.04.11.01 |
| Panda Antivirus | Bck/Poison.F | 14.04.11.09 |
| Quick Heal | HackTool.Injectxin (Not a Virus) | 4.14.12.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12361D5D!305536349 | 23.00.65.14409 |
| Sophos | Mal/Generic-E | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Falcomp | 10671 |
| Total Defense | Win32/Poison.DZ | 37.0.10871 |
| Trend Micro House Call | TROJ_SPNR.14JU11 | 7.2.101 |
| Trend Micro | TROJ_SPNR.14JU11 | 10.465.11 |
| Vba32 AntiVirus | TrojanSpy.ICQ.dk | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28194 |
| ViRobot | Backdoor.Win32.Poison.268800.A | 2011.4.7.4223 |

File size:
262.5 KB (268,800 bytes)

Product version:
1.0.0.0

Copyright:
x1nixmzeng

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:jYPOodm30xwcP9n2U82xZkckexoS8pm97WQP:Ydm3xc4L24cVoS8c97Wy

Entry address:
0x9B7F0

Entry point:
60, BE, 00, 20, 47, 00, 8D, BE, 00, F0, F8, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, FD, 9A, 09, 00, 57, 83, C3, 04, 53, 68, EB, 97, 02, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Entropy:
7.2609

Code size:
172 KB (176,128 bytes)

The file perx.exe has been seen being distributed by the following 3 URLs.