play angelsmu.exe

Launcher.Premium

RabanSoft.

The executable play angelsmu.exe has been detected as malware by 19 anti-virus scanners. While running, it connects to the Internet address protected.hyperfilter.com on port 44406.
Publisher:
RabanSoft.

Product:
Launcher.Premium

Version:
1.8.5.30

MD5:
1756a6ddd4ab23e3d3a31d8b10ea40a3

SHA-1:
6980f95bf2ef83ce7568b64234f13c26d53d2f2e

SHA-256:
947338c3d95f3eddfe8d4a4d50a154191b2f2e4668365a95716b0a5e0573776f

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
12/28/2024 4:51:16 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.13049353
622

AVG
Win32/Heur
2016.0.3100

Bitdefender
Trojan.Generic.13049353
1.0.20.715

Bkav FE
HW32.Packed
1.3.0.6379

Emsisoft Anti-Malware
Trojan.Generic.13049353
8.15.05.23.06

F-Secure
Trojan.Generic.13049353
11.2015-23-05_7

G Data
Trojan.Generic.13049353
15.5.25

IKARUS anti.virus
Win32.Heur
t3scan.1.8.9.0

K7 AntiVirus
Riskware
13.203.15891

McAfee
Artemis!1756A6DDD4AB
5600.6756

MicroWorld eScan
Trojan.Generic.13049353
16.0.0.429

Norman
Suspicious_Gen4.HYVCN
11.20150523

nProtect
Trojan.Generic.13049353
15.05.11.01

Sophos
Mal/EncPk-OJ
4.98

Trend Micro House Call
TROJ_GEN.R0C1C0RD615
7.2.143

Trend Micro
TROJ_GEN.R0C1C0RD615
10.465.23

VIPRE Antivirus
Trojan.Win32.Generic
40194

ViRobot
Trojan.Win32.S.Agent.3652096[h]
2014.3.20.0

Zillya! Antivirus
Trojan.FakeAV.Win32.312638
2.0.0.2174

File size:
3.5 MB (3,652,096 bytes)

Product version:
1.8.5.30

Copyright:
RabanSoft. © 2012 - 2014

Trademarks:
RabanSoft.

Original file name:
IGC.Launcher.Premium.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
1/11/2015 4:05:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:8wiIg61a7n+JT4/bSID1ZS/Gd1EFXdRQCZ+r8x:PzxJTGa+d1UXdRQac8x

Entry address:
0x64A000

Entry point:
68, 35, D5, FE, 50, 89, 1C, 24, 55, BD, 9A, 60, 27, 7B, 89, 6C, 24, 04, 8B, 2C, 24, 83, C4, 04, F7, 14, 24, C1, 2C, 24, 02, C1, 24, 24, 02, 81, 24, 24, EE, 18, FF, 36, 81, 34, 24, 0A, F6, 51, 7F, 81, 34, 24, 6E, EE, 89, 7B, 68, 4B, 29, 12, 6B, 89, 1C, 24, C7, 04, 24, 34, 5A, 9E, 70, 81, 04, 24, 6C, BA, 60, 0F, 81, 04, 24, 73, 44, FF, 3F, 53, BB, 7E, 43, FF, 3E, 29, 5C, 24, 04, 5B, 81, 24, 24, 3A, 7E, 9F, 7A, 81, 24, 24, 7F, D6, BF, 5F, FF, 04, 24, 81, 04, 24, F0, EB, 60, FF, 83, EC, 04, 89, 14, 24, 89, 3C...
 
[+]

Entropy:
7.9493  (probably packed)

Code size:
3 MB (3,135,488 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to protected.hyperfilter.com  (93.158.238.34:44406)

TCP (HTTP):
Connects to cluster013.ovh.net  (213.186.33.24:80)

Remove play angelsmu.exe - Powered by Reason Core Security