pps-qq-19.exe

The application pps-qq-19.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dysy.storial.ru.
MD5:
d53bd855e3aab9870122541164d13240

SHA-1:
0259d836f78ba217a92f6e37f750becba749364a

SHA-256:
2286ff2ac5bdb5f5e24b682024313781e81be69cfac7af6a5f197c18007488a6

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 5:09:47 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.795781
369

AegisLab AV Signature
Variant.Kazy
2.1.4+

Agnitum Outpost
Trojan.Kryptik
7.1.1

AhnLab V3 Security
Trojan/Win32.Mytonel
2016.01.29

Avira AntiVirus
TR/Crypt.ZPACK.Gen
8.3.2.4

Arcabit
Trojan.Kazy.DC2485
1.0.0.646

avast!
Win32:Malware-gen
2014.9-160131

AVG
Win32/Cryptor
2017.0.2847

Baidu Antivirus
Adware.Win32.iBryte
4.0.3.16131

Bitdefender
Gen:Variant.Kazy.795781
1.0.20.155

Bkav FE
HW32.Packed
1.3.0.7400

Emsisoft Anti-Malware
Gen:Variant.Kazy.795781
8.16.01.31.11

ESET NOD32
Win32/Kryptik.ELPP (variant)
10.12940

Fortinet FortiGate
W32/Kryptik.ELCZ!tr
1/31/2016

F-Secure
Gen:Variant.Kazy.795781
11.2016-31-01_1

G Data
Gen:Variant.Kazy.795781
16.1.25

Malwarebytes
Trojan.Crypt
v2016.01.31.11

McAfee
Artemis!D53BD855E3AA
5600.6503

Microsoft Security Essentials
TrojanDownloader:Win32/Mytonel.A
1.1.12400.0

MicroWorld eScan
Gen:Variant.Kazy.795781
17.0.0.93

Panda Antivirus
Generic Suspicious
16.01.31.11

Qihoo 360 Security
QVM20.1.Malware.Gen
1.0.0.1077

Rising Antivirus
PE:Malware.Generic(Thunder)!1.A1C4 [F]
23.00.65.16129

File size:
1.4 MB (1,432,064 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\pps-qq-19.exe

File PE Metadata
Compilation timestamp:
7/17/2011 10:00:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
24576:XOf1PD0DeoRj7zI0N2IF6avv1+71v1L5u4+2T6gf:XBDZ1zp6kK1v1L5u4J

Entry address:
0x2103

Entry point:
83, EC, 04, 89, 2C, 24, 89, E5, 83, EC, 4C, E8, 00, 00, 00, 00, 8D, 3D, 03, 90, 00, 01, 47, 57, B8, 8C, 1F, 00, 01, FF, 10, 83, F8, 00, 74, 01, C3, 8D, 3D, 03, 90, 00, 01, 47, 57, C6, 07, 79, 6A, 0F, 68, 38, 30, 01, 01, 68, 27, 30, 01, 01, 8D, 05, 88, 1F, 00, 01, FF, 10, 83, F8, 00, 75, AC, 6A, 0F, 68, 38, 30, 01, 01, 68, 27, 30, 01, 01, 8D, 05, 88, 1F, 00, 01, FF, 10, 85, C0, 75, 94, 8B, 0D, 36, 91, 00, 01, B8, 60, 1F, 00, 01, FF, 10, 85, C0, 75, 83, 6A, 0F, 68, 38, 30, 01, 01, 68, 27, 30, 01, 01, 8D, 05...
 
[+]

Code size:
30 KB (30,720 bytes)

The file pps-qq-19.exe has been seen being distributed by the following URL.

Remove pps-qq-19.exe - Powered by Reason Core Security