pushok.single.exe

The executable pushok.single.exe has been detected as malware by 9 anti-virus scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from cdn.gamextazy.com.
MD5:
77ad962154d09e3f3c23342d030131b5

SHA-1:
9ab567d4236a61c24f957fa503ca1751be0caec1

SHA-256:
c7a7364f7a3d41bd359832569e44d5f90c892ed9299d19e197d19bcc18852cf6

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/28/2024 11:47:01 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Kukacka | 160518-2 |
| AVG | Win32/Sality | 2015.0.4568 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| Microsoft Security Essentials | Threat.Undefined | 1.223.2255.0 |
| Norman | Win32.Sality.3 | 22.05.2016 07:18:28 |

File size:
1.1 MB (1,122,263 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pushok.single.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:paHTMcyebtZFLMwyuyPOQ8zTlcN2vC+K70nGxXbMRy+mQ:ksjuwslcND+K7AGxYhmQ

Entry address:
0x30CB

Entry point:
60, 8B, D1, FE, CD, 86, CB, 0D, C8, 6F, B1, BD, 30, FE, 47, 8A, F7, FF, CA, F3, 71, 02, B2, 37, C7, C3, 8C, 8F, 84, BB, 8B, C3, 3A, C4, FE, C7, 8D, 6D, 00, F7, C3, C0, EF, AF, 6E, 72, 02, 85, C7, 55, 87, D6, 8D, 1D, 4B, 5D, C5, 69, 29, C2, 5F, 4A, 8A, C6, 8A, DA, 86, D3, 03, CF, C7, C0, 66, C2, 3B, 88, 0F, B6, DB, F6, C4, 60, 87, F6, 88, DC, 34, 8A, C6, C4, 9C, F3, 46, C7, C1, 16, 86, C7, 64, E8, 00, 00, 00, 00, F6, C4, F7, 85, C1, C7, C1, EA, 84, CA, 4D, 81, FA, E8, 49, 48, D7, 72, 05, 8B, DB, C6, C1, 5D...
 

Code size:
22.5 KB (23,040 bytes)

The file pushok.single.exe has been seen being distributed by the following URL.
