rename_me.exe

The executable rename_me.exe has been detected as malware by 13 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from xzone-reactor.com.
MD5:
faa39492bbce1470d6c5472613bfddc1

SHA-1:
a256a18a7a04c8d232ce520904c2e26203c24d69

SHA-256:
a30a400dcb1cc51166a8dea88fd6c166f0cfae11e37a6565591ecea2533e8768

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
12/26/2024 2:27:53 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11968977 | 824 |
| AhnLab V3 Security | Trojan/Win32.Agent | 2014.11.03 |
| Bitdefender | Trojan.Generic.11968977 | 1.0.20.1535 |
| Bkav FE | W32.HfsAutoA | 1.3.0.6185 |
| Emsisoft Anti-Malware | Trojan.Generic.11968977 | 8.14.11.03.07 |
| F-Secure | Trojan.Generic.11968977 | 11.2014-03-11_2 |
| G Data | Trojan.Generic.11968977 | 14.11.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.3.0 |
| McAfee | Artemis!FAA39492BBCE | 5600.6958 |
| MicroWorld eScan | Trojan.Generic.11968977 | 15.0.0.921 |
| Norman | Suspicious_Gen2.VZBZD | 11.20141103 |
| nProtect | Trojan.Generic.11968977 | 14.10.31.01 |
| Trend Micro House Call | TROJ_GEN.R047C0OK214 | 7.2.307 |

File size:
6.7 MB (7,059,972 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rename_me.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:tTOaDnYi1Rq5KqN7h4omt1VxiPKBxxlMAGmlReyWmCEMNcHhO0r+ZceWFgxgAda:tui6l9mL3Bxemy4+ghiZ+ggsa

Entry address:
0xDB6FC0

Entry point:
E8, 9B, 08, 00, 00, 5A, D6, A9, BA, DA, 3E, F7, 51, 47, A5, A8, 45, 21, AE, A6, CB, 3F, 0D, B4, F8, 49, 26, DA, 97, 4F, 7D, A8, 05, 29, E6, A6, EB, 3B, D1, C6, 8F, AF, 78, 1F, CE, E3, CE, 1C, F0, 6D, 43, 73, 59, 68, 0C, 00, C1, F6, 69, 4F, 67, F6, 8A, 38, B4, DD, F2, AF, 9F, 75, C3, 09, 2F, 7D, C2, 44, CE, CF, 75, D2, 17, A2, 30, 33, 6E, E3, 88, 8B, DE, ED, D0, 1E, D2, AE, 3C, 60, 3D, 49, 2E, 21, D7, 39, E2, 35, E7, 65, 00, 60, 9B, 49, 46, 51, AE, CB, AD, FB, AB, C0, 7A, FB, FD, 4B, E1, E7, 0C, D3, 2E, 24...
 

Code size:
1.5 MB (1,587,200 bytes)

The file rename_me.exe has been seen being distributed by the following URL.
