picx_2015.8.6_134_out.exe

sewgrfdt

The application picx_2015.8.6_134_out.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from 113.171.224.245 and multiple other hosts.
Publisher: sewgrfdt

Product: sewgrfdt

Version: 8.2.3.134

MD5: ae8cc6ea490bb8897050cf5a4c97e13d

SHA-1: 5d0e15b633e4e4811dfdf5b198dd8f05916a0ef4

SHA-256: 646c9cb8750bc527d56cf90ad4cf14034808e516932fdb6e0639469d57c5c6aa

Scanner detections: 25 / 68

Status: Potentially unwanted

Analysis date: 12/27/2024 8:11:00 PM UTC

Scan engine             Detection                               Engine version
Lavasoft Ad-Aware       Trojan.GenericKD.2634023                517
Agnitum Outpost         PUA.Downloader                          7.1.1
Arcabit                 Trojan.Generic.D283127                  1.0.0.425
AVG                     Generic6                                2016.0.2995
Baidu Antivirus         Hacktool.Win32.AdLoad                   4.0.3.1595
Bitdefender             Trojan.GenericKD.2634023                1.0.20.1240
Dr.Web                  Adware.Mutabaha.642                     9.0.1.0248
Emsisoft Anti-Malware   Trojan.GenericKD.2634023                8.15.09.05.12
ESET NOD32              Win32/ELEX.EO potentially unwanted      9.12201
Fortinet FortiGate      W32/Picexa.X                            9/5/2015
F-Secure                Trojan.GenericKD.2634023                11.2015-05-09_7
G Data                  Trojan.GenericKD.2634023                15.9.25
K7 AntiVirus            Riskware                                13.2017112
Kaspersky               not-a-virus:Downloader.Win32.AdLoad     14.0.0.1472
McAfee                  RDN/Generic Downloader.x                5600.6651
MicroWorld eScan        Trojan.GenericKD.2634023                16.0.0.744
NANO AntiVirus          Trojan.Win32.AdLoad.duzgxd              0.30.24.3283
nProtect                Trojan.GenericKD.2634023                15.09.04.01
Panda Antivirus         Trj/Genetic.gen                         15.09.05.12
Qihoo 360 Security      HEUR/QVM10.1.Malware.Gen                1.0.0.1015
Sophos                  Picexa (PUA)                            4.98
Trend Micro             TROJ_GEN.R03EC0OHB15                    10.465.05
Vba32 AntiVirus         suspected of Trojan.Downloader.gen.h    3.12.26.4
VIPRE Antivirus         Trojan.Win32.Generic                    43456
Zillya! Antivirus       Downloader.Adload.Win32.20357           2.0.0.2387

File size: 403 KB (412,672 bytes)

Product version: 8.2.3.134

Copyright: Copyright (C) 2015

Original file name: sewgrfdt

File type: Executable application (Win32 EXE)

Language: Chinese

Common path: C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\picx_2015.8.6_134_out.exe

File PE Metadata

Compilation timestamp: 8/6/2015 7:58:44 AM

OS version: 5.1

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 11.0

CTPH (ssdeep): 6144:tleFhzNknyfr3M0nJLxGqNxTWvqM5nzh3:n+BkyDMKLxtxTWvqM1d

Entry address: 0x1EFB7

Entry point: E8, 61, B5, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75, EA, 83, E8, 04, 72, 12, 57, 8B, FB, C1, E3, 08, 03, DF, 8B, FB, C1, E3, 10, 03, DF, EB, 1B, 5F, 83, C0, 04, 74, 0E, 8A, 0A, 83, C2, 01, 32, CB, 74, 40, 83, E8, 01, 75, F2, 5B, C3, 83, E8, 04, 72, E5, 8B, 0A, 33, CB, BF...

Code size: 217 KB (222,208 bytes)

The file picx_2015.8.6_134_out.exe has been seen being distributed by the following 4 URLs.

http://113.171.224.245/.../picx_2015.8.6_134_out.exe

http://113.171.224.173/.../picx_2015.8.6_134_out.exe

http://113.171.224.205/.../picx_2015.8.6_134_out.exe

Remove picx_2015.8.6_134_out.exe - Powered by Reason Core Security