slhack.exe

The executable slhack.exe has been detected as malware by 33 anti-virus scanners. The file has been observed being downloaded from plasmon.rghost.ru.
Version:
1.0.0.0

MD5:
70ef459132d78b8edbccf9436d1ec482

SHA-1:
b4b239dbccfa6b63087357d03f05f0798d2b0963

SHA-256:
91f2530db0f47188a5953adbeccbb9ed0924fbdf78ab652c88ff2fbe4b7d4264

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
11/23/2024 10:36:34 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Heur.SEPhish.2 | 718 |
| Agnitum Outpost | Trojan.PWS.OnLineGames | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Accphish.6955773 | 2015.01.26 |
| Avira AntiVirus | TR/PHP.Gen | 7.11.205.14 |
| avast! | Win32:Agent-AQQU [Trj] | 2014.9-150216 |
| AVG | PSW.Generic9 | 2016.0.3196 |
| Baidu Antivirus | Malware.Win32.GameHack | 4.0.3.15216 |
| Bitdefender | Gen:Heur.SEPhish.2 | 1.0.20.235 |
| Bkav FE | W32.WintaskLTE.Trojan | 1.3.0.6379 |
| Comodo Security | TrojWare.Win32.PSW.AccPhish.E | 20841 |
| Emsisoft Anti-Malware | Gen:Heur.SEPhish | 8.15.02.16.07 |
| ESET NOD32 | PHP/PSW.Phishack.AT | 9.11070 |
| Fortinet FortiGate | W32/AccPhish.EU!tr.pws | 2/16/2015 |
| F-Prot | W32/AccPhish.A.gen | v6.4.7.1.166 |
| F-Secure | Gen:Heur.SEPhish.2 | 11.2015-16-02_2 |
| G Data | Gen:Heur.SEPhish | 15.2.24 |
| IKARUS anti.virus | Trojan.PHP.PSW | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.192.14746 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2476 |
| Malwarebytes | Trojan.Agent | v2015.02.16.07 |
| McAfee | Generic PWS.ya | 5600.6852 |
| MicroWorld eScan | Gen:Heur.SEPhish.2 | 16.0.0.141 |
| NANO AntiVirus | Trojan.Win32.Faketool.dmkxzs | 0.30.0.64812 |
| Norman | Agent.VCJD | 11.20150216 |
| Qihoo 360 Security | Win32/Trojan.54c | 1.0.0.1015 |
| Quick Heal | Trojan.Dynamer.D9 | 2.15.14.00 |
| Rising Antivirus | PE:Stealer.Phishack!6.DF | 23.00.65.15214 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-PWS | 10049 |
| Total Defense | Win32/Bancos.ABHY | 37.0.11403 |
| Trend Micro House Call | TROJ_GEN.R047C0FK714 | 7.2.47 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 36970 |
| ViRobot | Trojan.Win32.S.Agent.6867373[h] | 2014.3.20.0 |

File size:
6.5 MB (6,867,373 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\slhack.exe

File PE Metadata
Compilation timestamp:
9/21/2010 7:04:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:0e1aO8bj2W7UJCc5Z88NYRBNOy4V5SJBAUZLBn5DY:0e1o2WLc6LmIJVVnu

Entry address:
0x16CEB8

Entry point:
55, 8B, EC, 83, C4, E8, 33, C0, 89, 45, EC, 89, 45, E8, B8, 1C, B1, 56, 00, E8, 48, A3, E9, FF, 33, C0, 55, 68, EF, CF, 56, 00, 64, FF, 30, 64, 89, 20, A1, D4, 5A, 57, 00, 8B, 00, E8, C6, 5A, F2, FF, A1, D4, 5A, 57, 00, 8B, 00, 33, D2, E8, 5C, 79, F2, FF, A1, D4, 5A, 57, 00, 8B, 00, C6, 40, 5B, 00, 8D, 55, E8, B8, 01, 00, 00, 00, E8, 40, 64, E9, FF, 8B, 45, E8, 8D, 55, EC, E8, 79, D6, E9, FF, 8B, 45, EC, BA, 04, D0, 56, 00, E8, 88, 82, E9, FF, 8B, 0D, D4, 5B, 57, 00, A1, D4, 5A, 57, 00, 8B, 00, 8B, 15, 74...

Entropy:
6.9561

Developed / compiled with:
Microsoft Visual C++

Code size:
1.4 MB (1,489,408 bytes)

The file slhack.exe has been seen being distributed by the following URL.
