sudbyzquxqus.exe

The executable sudbyzquxqus.exe has been detected as malware by 40 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘sudbyzquxqus’. While running, it connects to the Internet address portaldyn-pool1-nc3.isp.belgacom.be on port 25.
MD5:
e72ddb456513b8c800eeab0c00e1750f

SHA-1:
684f0f5d15370385a9f2a754b6bd72eef8a1d14a

SHA-256:
607a516dd2c132671a46de822f31edd746d389cdfd95aedc5d3cbf173998f1ce

Scanner detections:
40 / 68

Status:
Malware

Analysis date:
11/15/2024 1:23:36 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.KDV.763665
360

AegisLab AV Signature
Backdoor.W32.Pushdo.ih!c
2.1.4+

Agnitum Outpost
Trojan.Wigon
7.1.1

AhnLab V3 Security
Win-Trojan/Cutwail.53248
2016.01.30

Avira AntiVirus
TR/Dldr.Cutwail.BS.45
8.3.2.4

Arcabit
Trojan.Generic.KDV.DBA711
1.0.0.646

avast!
Win32:Dropper-gen [Drp]
2014.9-160210

AVG
BackDoor.Generic15
2017.0.2838

Baidu Antivirus
Trojan.Win32.Wigon
4.0.3.16210

Bitdefender
Trojan.Generic.KDV.763665
1.0.20.205

Bkav FE
W32.WinsvcLR.Trojan
1.3.0.7400

Comodo Security
Heur.Suspicious
24039

Dr.Web
Trojan.DownLoader6.62576
9.0.1.041

Emsisoft Anti-Malware
Trojan.Generic.KDV.763665
8.16.02.10.03

ESET NOD32
Win32/Wigon.PB
10.12948

Fortinet FortiGate
W32/Pushdo.IH!tr.bdr
2/10/2016

F-Prot
W32/Downldr2.IYVD
v6.4.7.1.166

F-Secure
Trojan.Generic.KDV.763665
11.2016-10-02_4

G Data
Trojan.Generic.KDV.763665
16.2.25

IKARUS anti.virus
Backdoor.Win32.Pushdo
t3scan.2.0.4.0

K7 AntiVirus
Trojan
13.213.18582

Kaspersky
Backdoor.Win32.Pushdo
14.0.0.684

Malwarebytes
Trojan.Cutwail
v2016.02.10.03

McAfee
Generic.nk
5600.6494

Microsoft Security Essentials
TrojanDownloader:Win32/Cutwail.BS
1.1.12400.0

MicroWorld eScan
Trojan.Generic.KDV.763665
17.0.0.123

NANO AntiVirus
Trojan.Win32.DownLoader6.zvycm
1.0.14.5798

nProtect
Trojan/W32.Agent.53248.DIZ
16.01.29.01

Panda Antivirus
Trj/Agent.MIZ
16.02.10.03

Qihoo 360 Security
HEUR/Malware.QVM07.Gen
1.0.0.1077

Quick Heal
Trojan.Pushdo.rw3
2.16.14.00

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16208

Sophos
Mal/Generic-L
4.98

Total Defense
Win32/Cutwail.BVI
37.1.62.1

Trend Micro House Call
TROJ_SPNR.14JO12
7.2.41

Trend Micro
TROJ_SPNR.14JO12
10.465.10

Vba32 AntiVirus
Malware-Cryptor.Wagon
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
46838

ViRobot
Backdoor.Win32.A.Pushdo.53248[h]
2014.3.20.0

Zillya! Antivirus
Backdoor.Pushdo.Win32.87
2.0.0.2638

File size:
52 KB (53,248 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\user\sudbyzquxqus.exe

File PE Metadata
Compilation timestamp:
2/9/2008 1:11:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:NqA5ufEL84Wd/sxCZuhY5//BrpUnNNyOoI7:N8fEL848/sERnSvyOo

Entry address:
0x82D3

Entry point:
55, 8B, EC, 6A, FF, 68, 28, C1, 00, 04, 68, B4, 91, 00, 04, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 80, C0, 00, 04, 33, D2, 8A, D4, 89, 15, 64, E6, 00, 04, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 60, E6, 00, 04, C1, E1, 08, 03, CA, 89, 0D, 5C, E6, 00, 04, C1, E8, 10, A3, 58, E6, 00, 04, 33, F6, 56, E8, 4D, 0D, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, C0, 04, 00, 00, FF, 15, 7C, C0, 00, 04, A3, 78, FB, 00, 04, E8...
 
[+]

Entropy:
7.3402

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
42 KB (43,008 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
sudbyzquxqus

Command:
C:\users\user\sudbyzquxqus.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.worldnet.co.nz  (202.169.192.35:80)

TCP (SMTP):
Connects to portaldyn-pool1-nc3.isp.belgacom.be  (195.238.25.201:25)

Remove sudbyzquxqus.exe - Powered by Reason Core Security