px2up_2015.09.16_out.exe

equalto

The application px2up_2015.09.16_out.exe has been flagged by 18 of 68 anti-malware scanners and is classified as a potentially unwanted program. The file is an installer (setup program) for the "equalto" application. Most of the detections are generic or heuristic names (Trojan.GenericKD.*, Artemis!, Generic PUA); AVG, ESET, Fortinet and Kaspersky name the ELEX / AdLoad adware family. The file has been seen downloaded from 113.171.224.245 and multiple other hosts.
Publisher:
equalto

Product:
equalto

Version:
9.1.56.26

MD5:
d797bbe13951bb18fc8a4b0bbeffc790

SHA-1:
9d6c588bdc37c2f232d4b0771fa468a6b4730957

SHA-256:
6f4257230c36bea9275bc087fa1cdf1a7c3b17ab395188c97693cfae6d87f5d5

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 8:02:09 PM UTC

Scan engine              Detection                                       Engine version
Lavasoft Ad-Aware        Trojan.GenericKD.2729861                        503
Arcabit                  Trojan.Generic.D29A785                          1.0.0.545
AVG                      Elex                                            2016.0.2981
Bitdefender              Trojan.GenericKD.2729861                        1.0.20.1310
Emsisoft Anti-Malware    Trojan.GenericKD.2730490                        8.15.09.19.06
ESET NOD32               Win32/ELEX.EO potentially unwanted (variant)    9.12275
Fortinet FortiGate       Riskware/Adload                                 9/19/2015
F-Secure                 Trojan.GenericKD.2729861                        11.2015-19-09_7
G Data                   Trojan.GenericKD.2729861                        15.9.25
Kaspersky                not-a-virus:Downloader.Win32.AdLoad             14.0.0.1401
McAfee                   Artemis!D797BBE13951                            5600.6637
MicroWorld eScan         Trojan.GenericKD.2729861                        16.0.0.786
nProtect                 Trojan.GenericKD.2729861                        15.09.18.01
Panda Antivirus          Generic Suspicious                              15.09.19.06
Reason Heuristics        Threat.Win.Reputation.IMP                       15.12.5.21
Sophos                   Generic PUA JN (PUA)                            4.98
Vba32 AntiVirus          suspected of Trojan.Downloader.gen.h            3.12.26.4
VIPRE Antivirus          Trojan.Win32.Generic                            43862

File size:
419 KB (429,056 bytes)

Product version:
9.1.56.26

Copyright:
Copyright (C) 2011-2014

Original file name:
equalto

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\px2up_2015.09.16_out.exe

File PE Metadata
Compilation timestamp:
9/16/2015 9:55:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:C2jnGOMvf27CCRtJyJ2h8MolDV4kGvpzCSyLnS9T8+MZN5:/TGOMCCCRtJyJXlUzCS2Sl8+ML5

Entry address:
0x2065A

Entry point:
E8, FE, B4, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75, EA, 83, E8, 04, 72, 12, 57, 8B, FB, C1, E3, 08, 03, DF, 8B, FB, C1, E3, 10, 03, DF, EB, 1B, 5F, 83, C0, 04, 74, 0E, 8A, 0A, 83, C2, 01, 32, CB, 74, 40, 83, E8, 01, 75, F2, 5B, C3, 83, E8, 04, 72, E5, 8B, 0A, 33, CB, BF, FF, FE, FE...
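The entry-point bytes above can be decoded by hand. The following Python is an added example (it is not part of the Reason Core report) that resolves the two relative branches from the byte dump and the entry address given on this page. The interpretation of the stub as the MSVC CRT startup sequence (call the security-cookie initialiser, then jmp to the CRT's main startup routine) is an assumption based on the layout that compiler emits; the report lists no symbol names.

```python
"""Decode the call / jmp / int3 stub at the reported entry point.

Added example, not code from the report. The byte dump and entry RVA are
copied from the page (the page truncates the dump, so this does too).
"""
import struct

ENTRY_RVA = 0x2065A  # "Entry address" as listed in the report

# Leading bytes of the report's "Entry point" dump, in the page's own format.
ENTRY_DUMP = ("E8, FE, B4, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, "
              "CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52")
ENTRY_BYTES = bytes(int(tok, 16) for tok in ENTRY_DUMP.split(","))


def decode_stub(data: bytes, rva: int):
    """Decode only what an entry stub uses: E8 call rel32, E9 jmp rel32, CC int3.

    Stops at the first other opcode. Returns (instructions, rva_where_code_resumes);
    each instruction is (rva, mnemonic, target_rva_or_None). Not a disassembler,
    just enough to resolve the two branches in the stub.
    """
    insns = []
    pos = 0
    while pos < len(data):
        op = data[pos]
        if op in (0xE8, 0xE9):
            if pos + 5 > len(data):
                break  # truncated operand
            rel = struct.unpack_from("<i", data, pos + 1)[0]   # signed 32-bit displacement
            target = rva + pos + 5 + rel                      # relative to the next instruction
            insns.append((rva + pos, "call" if op == 0xE8 else "jmp", target))
            pos += 5
        elif op == 0xCC:
            insns.append((rva + pos, "int3", None))
            pos += 1
        else:
            break
    return insns, rva + pos


def looks_like_msvc_crt_stub(insns) -> bool:
    """MSVC pattern (assumption, see lead-in): call, jmp, then int3 padding only."""
    return (len(insns) >= 2
            and insns[0][1] == "call"
            and insns[1][1] == "jmp"
            and all(mn == "int3" for _, mn, _ in insns[2:]))


def describe(data: bytes = ENTRY_BYTES, rva: int = ENTRY_RVA) -> str:
    insns, resume = decode_stub(data, rva)
    out = [f"{at:08X}  {mn}" + (f"  -> {tgt:08X}" if tgt is not None else "")
           for at, mn, tgt in insns]
    out.append(f"{resume:08X}  next function (16-byte aligned: {resume % 16 == 0})")
    out.append(f"MSVC-style CRT entry stub: {looks_like_msvc_crt_stub(insns)}")
    return "\n".join(out)


if __name__ == "__main__":
    print(describe())
```

The call resolves to 0x2BB5D and the jmp, with its negative displacement, to 0x204E3; the twelve int3 bytes pad to 0x20670, a 16-byte boundary, which is how MSVC separates functions. Together with the linker version 11.0 (the Visual Studio 2012 toolchain) this looks like an ordinary compiler-generated entry rather than a packer stub, so static inspection of the installer body is worthwhile before spending sandbox time on it.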
 

Code size:
222.5 KB (227,840 bytes)
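A practitioner holding a copy of the file will want to confirm it is the sample this report describes before relying on the verdicts above. The following Python is an added example (not part of the report or of any vendor's tooling): it recomputes the three digests and reads the PE header fields quoted in this section using only the standard library, then lists every field that disagrees with the report. The PE image it builds in memory is constructed purely so the check runs offline and is not the sample itself; the report's compilation timestamp is taken as UTC, which the page does not state.

```python
"""Cross-check a file's digests and PE32 header fields against this report.

Added example, not code from the report. Parses the DOS header, COFF file
header and PE32 optional header directly with struct.
"""
import calendar
import hashlib
import struct

# Values as listed in the report. Timestamp assumed UTC (page gives no zone).
REPORT = {
    "md5": "d797bbe13951bb18fc8a4b0bbeffc790",
    "sha1": "9d6c588bdc37c2f232d4b0771fa468a6b4730957",
    "sha256": "6f4257230c36bea9275bc087fa1cdf1a7c3b17ab395188c97693cfae6d87f5d5",
    "timestamp": calendar.timegm((2015, 9, 16, 9, 55, 15, 0, 0, 0)),
    "linker": (11, 0),
    "os_version": (5, 1),     # MajorOperatingSystemVersion.Minor: 5.1 = Windows XP minimum
    "subsystem": 2,           # IMAGE_SUBSYSTEM_WINDOWS_GUI
    "entry_rva": 0x2065A,
    "size_of_code": 227840,
}


def parse_pe32(data: bytes) -> dict:
    """Read the header fields a triage report quotes. PE32 (32-bit) only."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, _nsect, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError(f"expected PE32 optional header, magic=0x{magic:X}")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": machine,
        "timestamp": timestamp,
        "linker": (lnk_major, lnk_minor),
        "os_version": (os_major, os_minor),
        "subsystem": subsystem,
        "entry_rva": entry_rva,
        "size_of_code": size_of_code,
    }


def digests(data: bytes) -> dict:
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def compare_with_report(data: bytes, report: dict = REPORT) -> list:
    """Return [(field, reported, observed)] for every report field that disagrees."""
    observed = {**digests(data), **parse_pe32(data)}
    return [(k, v, observed.get(k)) for k, v in report.items() if observed.get(k) != v]


def build_sample_pe(fields: dict) -> bytes:
    """Constructed headers-only PE32 image carrying the given field values.

    Exists only so the example runs offline; it is not the file from the report,
    so its digests will never match.
    """
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)                      # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", buf, 0x84, 0x14C, 1, fields["timestamp"], 0, 0, 0xE0, 0x102)
    opt = 0x98
    struct.pack_into("<HBBI", buf, opt, 0x10B, *fields["linker"], fields["size_of_code"])
    struct.pack_into("<I", buf, opt + 16, fields["entry_rva"])
    struct.pack_into("<I", buf, opt + 28, 0x400000)              # ImageBase
    struct.pack_into("<HH", buf, opt + 40, *fields["os_version"])
    struct.pack_into("<H", buf, opt + 68, fields["subsystem"])
    return bytes(buf)


if __name__ == "__main__":
    # With the real file: compare_with_report(open(path, "rb").read())
    for field, reported, observed in compare_with_report(build_sample_pe(REPORT)):
        print(f"{field}: report={reported} observed={observed}")
```

On the real file an empty list means digests and headers both agree; on the constructed image only the three digests differ. Note that "OS version 5.1" is the optional header's operating-system version fields, the minimum OS the linker stamped (Windows XP), not the system the file was observed on, and that a matching header with mismatched digests points at a repacked or modified build rather than this sample.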

The file px2up_2015.09.16_out.exe has been seen distributed from the following 4 URLs (three are shown here, all on adjacent hosts in 113.171.224.0/24; the paths are truncated as on the report).

http://113.171.224.245/.../px2up_2015.09.16_out.exe

http://113.171.224.178/.../px2up_2015.09.16_out.exe

http://113.171.224.215/.../px2up_2015.09.16_out.exe

Report powered by Reason Core Security.