premiumhive.exe

The executable premiumhive.exe has been detected as malware by 5 anti-virus scanners. The file has been observed being downloaded from kuwaiti.co.
MD5:
c8563ab030d2cc2c3386b87a4a7cf210

SHA-1:
a6348861e0c58ab63430a1a712608164286deedb

SHA-256:
9f8f0fd9a4988c381d3eee8f8f74deb793062a0e2b3947043ff270153cf4acbc

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
12/26/2024 4:23:26 PM UTC

Scan engine | Detection | Engine version
avast! | MSIL:Agent-BXF [Trj] | 160518-2
Dr.Web | Trojan.DownLoader10.20411 | 9.0.1.05190
Emsisoft Anti-Malware | Generic.MSIL.Bladabindi.7F69E0F9 | 16.07.16
ESET NOD32 | MSIL/Bladabindi.AS trojan | 8.0.319.0
Microsoft Security Essentials | Threat.Undefined | 1.225.1590.0

File size:
29 KB (29,696 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\premiumhive.exe

File PE Metadata
Compilation timestamp:
7/6/2016 3:09:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:IiaNl7L5N4gAOLnM5qhFlmumqDYVXeIqpGBsbh0w4wlAokw9OhgOL1vYRGOZzxZo:87P4gAoM+FlAq8Xe4BKh0p29SgRro

Entry address:
0x8B3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
5.5886

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
27 KB (27,648 bytes)

The file premiumhive.exe has been seen being distributed by the following URL.
