prize_code.scr

Axchi

The file prize_code.scr has been detected as malware by 27 anti-virus scanners. The file has been seen being downloaded from doc-00-2g-docs.googleusercontent.com.
Publisher:
Axchi

Product:
Axchi

Version:
351.6.46.40

MD5:
88fd81d87012e57b3b411e8bca5c5229

SHA-1:
e9fc8ab801ebc491698303395e58e5477261c70f

SHA-256:
4b992b478035e1b6ec1deeca793aef11e67d6776e08709c9e555b368016dfd15

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/23/2025 3:57:56 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.MSIL.Agent.AHG
464

Agnitum Outpost
Trojan.Pakes
7.1.1

AhnLab V3 Security
Trojan/Win32.Agent
2015.10.20

Avira AntiVirus
TR/Injector.1270784.6
8.3.2.2

Arcabit
Trojan.MSIL.Agent.AHG
1.0.0.582

AVG
PSW.Generic12
2016.0.2942

Bitdefender
Trojan.MSIL.Agent.AHG
1.0.20.1510

Dr.Web
Trojan.PWS.Steam.6692
9.0.1.0302

Emsisoft Anti-Malware
Trojan.MSIL.Agent.AHG
8.15.10.29.07

ESET NOD32
MSIL/Injector.MAO
9.12433

Fortinet FortiGate
W32/Pakes.APUL!tr
10/29/2015

F-Secure
Trojan.MSIL.Agent.AHG
11.2015-29-10_5

G Data
Trojan.MSIL.Agent.AHG
15.10.25

IKARUS anti.virus
Trojan.Win32.Pakes
t3scan.1.9.5.0

K7 AntiVirus
Riskware
13.211.17582

Kaspersky
Trojan.Win32.Pakes
14.0.0.1203

Malwarebytes
Trojan.Crypt.MSIL
v2015.10.29.07

McAfee
Artemis!88FD81D87012
5600.6598

Microsoft Security Essentials
Trojan:Win32/Skeeyah.A!rfn
1.1.12101.0

MicroWorld eScan
Trojan.MSIL.Agent.AHG
16.0.0.906

nProtect
Trojan.MSIL.Agent.AHG
15.10.19.01

Panda Antivirus
Trj/CI.A
15.10.29.07

Rising Antivirus
PE:Malware.RDM.43!5.31[F1]
23.00.65.15923

Sophos
Mal/Generic-S
4.98

Trend Micro
TROJ_GEN.R021C0DJ315
10.465.29

Vba32 AntiVirus
Trojan.Pakes
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Pakes
44670

File size:
1.2 MB (1,270,784 bytes)

Product version:
351.6.46.40

Copyright:
Copyright © 2015

Trademarks:
Axchi

Original file name:
Axchi.exe

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\prize_code.scr

File PE Metadata
Compilation timestamp:
9/25/2015 2:53:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:DWTJo3TDCPnLrnKKqlVslab1xNcVSlMqV+F56LhraxN8VtlWdd0q7/Dd+M5wOLXw:iKjKLKDsEb1xrlme1qN8VjW9h+cn/s

Entry address:
0x24046

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.2644

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
136.5 KB (139,776 bytes)

The file prize_code.scr has been seen being distributed by the following URL.
