ProcessHacker.exe

Process Hacker

wj32

The executable ProcessHacker.exe has been detected as malware by 10 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from mega.nz. While running, it connects to the Internet address projects.sourceforge.net on port 80 using the HTTP protocol.
Publisher:
wj32

Product:
Process Hacker

Version:
2.30.0.5267

MD5:
3f0e373fdae472d22e4c849e88acbcb2

SHA-1:
f7cf0ba91c898a23468be30f54837c9df22db1e9

SHA-256:
d2b64fa613daec3b18fae2471f16c57048309e209d8fc4d99d3ac60e64df2b00

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
12/25/2024 7:44:08 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
W32/Virut.Gen
7.11.30.172

avast!
Win32:Vitro
2014.9-150626

Emsisoft Anti-Malware
Win32.Virtob.Gen.12
8.15.06.26.09

F-Prot
W32/Virut.AI!Generic
v6.4.6.5.141

F-Secure
Win32.Virtob.Gen.12
11.2015-26-06_6

McAfee
W32/Virut.n.gen
5600.6722

Microsoft Security Essentials
Threat.Undefined
1.179.1221.0

Reason Heuristics
Threat.Win.Reputation.IMP
15.6.26.21

Sophos
W32/Scribble-B
4.98

VIPRE Antivirus
Threat.4120919
31208

File size:
1.1 MB (1,169,408 bytes)

Product version:
2.30.0.5267

Copyright:
Licensed under the GNU GPL, v3.

Original file name:
ProcessHacker.exe

File type:
Executable application (Win32 EXE)

Language:
English (Australia)

Common path:
C:\Program Files\process hacker\processhacker.exe

File PE Metadata
Compilation timestamp:
1/14/2013 10:14:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:vrVfN648P6Lw6oHbmiyUG3CnJfwW+MM0L1LezGcBXTNs4B13czCQQU6Dv:fZ66LDiymTMM1LezGra3+nK

Entry address:
0xA7360

Entry point:
E8, A7, A2, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, 3B, 4D, 00, E8, AA, 6E, 00, 00, E8, 18, 71, 00, 00, 0F, B7, F0, 6A, 02, E8, 3A, A2, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, FA, 98, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
734 KB (751,616 bytes)

The file ProcessHacker.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to projects.sourceforge.net  (216.34.181.96:80)

Remove ProcessHacker.exe - Powered by Reason Core Security