soufi.exe

soufi

The executable soufi.exe has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.exeupp.com.
Product:
soufi

Version:
1.0.0.0

MD5:
eac97f97059ccedc43f0383ba7298ae8

SHA-1:
c44c3018d74cc69489fca2a99fd2519816f51d63

SHA-256:
27c89b9eb60fd6fc60ba30199fcd4f1a92f54aca0f645ed56040535c590cd2cd

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/27/2024 8:51:39 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Uds.Dangerousobject.Multi!c | 2.1.4+ |
| Avira AntiVirus | TR/Dropper.MSIL.250840 | 8.3.3.2 |
| ESET NOD32 | MSIL/TrojanDownloader.Agent.BOH (variant) | 10.13061 |
| K7 AntiVirus | Trojan-Downloader | 13.213.18807 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.157 |
| McAfee | Artemis!EAC97F97059C | 5600.6388 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120 |

File size:
41.5 KB (42,496 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
soufi.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\soufi.exe

File PE Metadata
Compilation timestamp:
1/26/2016 8:15:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:4vEYnvbEk/O94BWtOkbFune13mn6QkL6+xhzXfqg4:4tvbEkpPkZYesnmLpzXfn4

Entry address:
0x939E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, 00, 00, 0C, 00, 00, 00, A0, 33, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
29 KB (29,696 bytes)

The file soufi.exe has been seen being distributed by the following URL.
