rusthacks2016.exe

The executable rusthacks2016.exe has been detected as malware by 14 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www48.zippyshare.com.

Description:
Microsoft Word

Version:
8.9.1.6

MD5:
3f1cd8a0f4201271c9366773bc5c1c37

SHA-1:
f0eb7a6f910a60c37b982d68e3d402be8b973580

SHA-256:
1c00c6fde106f41c9539b8546ffdae62e079780ae8c45cea6fdf5982c445d606

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
11/27/2024 9:53:30 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.3279211 | 246 |
| Avira AntiVirus | TR/Dropper.MSIL.kzag | 8.3.3.4 |
| Arcabit | Trojan.Generic.D32096B | 1.0.0.696 |
| avast! | Win32:Malware-gen | 2014.9-160603 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.1663 |
| Bitdefender | Trojan.GenericKD.3279211 | 1.0.20.775 |
| Emsisoft Anti-Malware | Trojan.GenericKD.3279211 | 8.16.06.03.10 |
| ESET NOD32 | MSIL/Injector.PKL (variant) | 10.13585 |
| F-Secure | Trojan.GenericKD.3279211 | 11.2016-03-06_6 |
| G Data | Trojan.GenericKD.3279211 | 16.6.25 |
| IKARUS anti.virus | Trojan.MSIL.Injector | t3scan.2.0.9.0 |
| MicroWorld eScan | Trojan.GenericKD.3279211 | 17.0.0.465 |
| nProtect | Trojan.GenericKD.3279211 | 16.06.02.01 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120 |

File size:
649.5 KB (665,088 bytes)

Product version:
8.9.1.6

Copyright:
Microsoft® is a registered trademark of Microsoft Corporation.

Original file name:
Microsoft Word.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rusthacks2016.exe

File PE Metadata
Compilation timestamp:
6/1/2016 8:32:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:fyrLVgY7LWSjh5S0P+EbpCLUW7WFZv6p+Nl4hQZRKBzQ1ZOO6B47nO18jfpj:fmLFWSjh5dP+EbpCLo7Fb42SZO647n

Entry address:
0x9319E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 60, 00...
 
Entropy:
7.6341

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
580.5 KB (594,432 bytes)

The file rusthacks2016.exe has been seen being distributed by the following URL.
