home

Project1.exe

Pino

The executable Project1.exe has been detected as malware by 19 anti-virus scanners.
Publisher:
Microsoft*  (Invalid match)

Product:
Pino

Version:
1.0.0.6

MD5:
2fb0e42851ed9dd66a8003fdba4fce2d

SHA-1:
f0d628edf472841fdd25c2fec1d46fc0cf3eb27c

SHA-256:
e05bb431e3adf9c8e37ca3832cb49bdd231d8cfadb34ed2bf0cbca5b6ada130e

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
11/26/2024 11:13:34 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.12453081
742

Avira AntiVirus
TR/Agent.49152.1929
7.11.198.242

avast!
Win32:Malware-gen
2014.9-150124

Baidu Antivirus
Trojan.MSIL.Dropper
4.0.3.15124

Bitdefender
Trojan.Generic.12453081
1.0.20.120

Dr.Web
Trojan.DownLoader11.57996
9.0.1.024

Emsisoft Anti-Malware
Trojan.Generic.12453081
8.15.01.24.09

Fortinet FortiGate
W32/Agent.ATYY!tr
1/24/2015

F-Secure
Trojan.Generic.12453081
11.2015-24-01_7

G Data
Trojan.Generic.12453081
15.1.24

IKARUS anti.virus
Trojan-Dropper.MSIL.Agent
t3scan.1.8.5.0

Kaspersky
Trojan-Dropper.MSIL.Agent
14.0.0.2593

MicroWorld eScan
Trojan.Generic.12453081
16.0.0.72

NANO AntiVirus
Trojan.Win32.Agent.dlgijs
0.30.0.64448

nProtect
Trojan.Generic.12453081
14.12.31.01

Panda Antivirus
Generic Suspicious
15.01.24.09

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_GEN.R047H07LS14
7.2.24

File size:
48 KB (49,152 bytes)

Product version:
1.0.0.6

Original file name:
Project1.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\dat\project1.exe

File PE Metadata
Compilation timestamp:
12/8/2014 4:13:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:KFeCDBR4cCBXjmRzDbCkCzckyltsJfdt/bCk2ba5skAxw:KFazSDbCkCzc/GBdqfVxw

Entry address:
0x1850

Entry point:
68, 1C, 1A, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 85, 4D, 5E, C2, D1, C8, 30, 47, B8, 1A, 70, 00, 39, E9, 89, A4, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 65, 65, 6E, 6F, 47, 72, 69, 47, 69, 6F, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 00, 6B, 72, DA, 92, B2, 05, 29, 4F, 95, D8, B1, 23, AA, DC, 36, EB, F1, 63, 66, 96, 9F, 55, 9E, 42, BD, E3, 13, E6, 95, CB, FE, 56, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
36 KB (36,864 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-245-104-86.us-west-2.compute.amazonaws.com  (54.245.104.86:80)

TCP (HTTP):
Connects to ec2-54-214-33-160.us-west-2.compute.amazonaws.com  (54.214.33.160:80)

Remove Project1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.