play angelsmu.exe

Launcher.Premium

RabanSoft.

The executable play angelsmu.exe has been detected as malware by 19 anti-virus scanners. While running, it connects to the Internet address protected.hyperfilter.com on port 44406.
Publisher:
RabanSoft.

Product:
Launcher.Premium

Version:
1.8.5.30

MD5:
1756a6ddd4ab23e3d3a31d8b10ea40a3

SHA-1:
6980f95bf2ef83ce7568b64234f13c26d53d2f2e

SHA-256:
947338c3d95f3eddfe8d4a4d50a154191b2f2e4668365a95716b0a5e0573776f

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
11/27/2024 8:37:23 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.13049353 | 622
AVG | Win32/Heur | 2016.0.3100
Bitdefender | Trojan.Generic.13049353 | 1.0.20.715
Bkav FE | HW32.Packed | 1.3.0.6379
Emsisoft Anti-Malware | Trojan.Generic.13049353 | 8.15.05.23.06
F-Secure | Trojan.Generic.13049353 | 11.2015-23-05_7
G Data | Trojan.Generic.13049353 | 15.5.25
IKARUS anti.virus | Win32.Heur | t3scan.1.8.9.0
K7 AntiVirus | Riskware | 13.203.15891
McAfee | Artemis!1756A6DDD4AB | 5600.6756
MicroWorld eScan | Trojan.Generic.13049353 | 16.0.0.429
Norman | Suspicious_Gen4.HYVCN | 11.20150523
nProtect | Trojan.Generic.13049353 | 15.05.11.01
Sophos | Mal/EncPk-OJ | 4.98
Trend Micro House Call | TROJ_GEN.R0C1C0RD615 | 7.2.143
Trend Micro | TROJ_GEN.R0C1C0RD615 | 10.465.23
VIPRE Antivirus | Trojan.Win32.Generic | 40194
ViRobot | Trojan.Win32.S.Agent.3652096[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.FakeAV.Win32.312638 | 2.0.0.2174

File size:
3.5 MB (3,652,096 bytes)

Product version:
1.8.5.30

Copyright:
RabanSoft. © 2012 - 2014

Trademarks:
RabanSoft.

Original file name:
IGC.Launcher.Premium.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
1/11/2015 4:05:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:8wiIg61a7n+JT4/bSID1ZS/Gd1EFXdRQCZ+r8x:PzxJTGa+d1UXdRQac8x

Entry address:
0x64A000

Entry point:
68, 35, D5, FE, 50, 89, 1C, 24, 55, BD, 9A, 60, 27, 7B, 89, 6C, 24, 04, 8B, 2C, 24, 83, C4, 04, F7, 14, 24, C1, 2C, 24, 02, C1, 24, 24, 02, 81, 24, 24, EE, 18, FF, 36, 81, 34, 24, 0A, F6, 51, 7F, 81, 34, 24, 6E, EE, 89, 7B, 68, 4B, 29, 12, 6B, 89, 1C, 24, C7, 04, 24, 34, 5A, 9E, 70, 81, 04, 24, 6C, BA, 60, 0F, 81, 04, 24, 73, 44, FF, 3F, 53, BB, 7E, 43, FF, 3E, 29, 5C, 24, 04, 5B, 81, 24, 24, 3A, 7E, 9F, 7A, 81, 24, 24, 7F, D6, BF, 5F, FF, 04, 24, 81, 04, 24, F0, EB, 60, FF, 83, EC, 04, 89, 14, 24, 89, 3C...

Entropy:
7.9493 (probably packed)

Code size:
3 MB (3,135,488 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to protected.hyperfilter.com (93.158.238.34:44406)

TCP (HTTP):
Connects to cluster013.ovh.net (213.186.33.24:80)

Remove play angelsmu.exe - Powered by Reason Core Security