survey skipper.exe

Survey Skipper

RRB

The executable survey skipper.exe has been detected as malware by 7 anti-virus scanners. The file has been seen being downloaded from download1437.mediafire.com and multiple other hosts.
Publisher:
RRB

Product:
Survey Skipper

Version:
1,0,0,0

MD5:
59d44acc2b4e1d5a2fba980f6befb7f9

SHA-1:
18a1c6a29b16d1b1acb1408d7c83099d5c0e11d0

SHA-256:
7ae3cdf0382d3fe0ea596e3ce000eb2c0295fd820b545c82796147b728dd4cee

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/23/2024 5:01:46 PM UTC

Scan engine               Detection                   Engine version
F-Prot                    W32/Backdoor2.HWJV          v6.4.7.1.166
K7 AntiVirus              Trojan                      13.203.15755
McAfee                    Artemis!59D44ACC2B4E        5600.6778
Norman                    Suspicious_Gen4.IFAZL       11.20150501
Qihoo 360 Security        HEUR/QVM05.1.Malware.Gen    1.0.0.1015
Rising Antivirus          PE:Malware.Jaiks!6.23EB     23.00.65.15429
Trend Micro House Call    Suspicious_GEN.F47V0318     7.2.121

File size:
241.5 KB (247,296 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\survey skipper.exe

File PE Metadata
Compilation timestamp:
7/30/2014 6:15:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.50

CTPH (ssdeep):
1536:ZLdD+0MON593j/f2Ko2fYxGIwlLzC6I6s7hxXHlHvHM+c5ER0VNvfk1uKpIUP49F:ZLdSro1yFZwgf2X

Entry address:
0x1000

Entry point:
68, D8, 00, 00, 00, 68, 00, 00, 00, 00, 68, 90, B0, 40, 00, E8, 7C, 21, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, 75, 21, 00, 00, A3, 94, B0, 40, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, 62, 21, 00, 00, A3, 90, B0, 40, 00, E8, BC, 1F, 00, 00, E8, 27, 6C, 00, 00, E8, B9, 5F, 00, 00, E8, ED, 57, 00, 00, E8, DB, 41, 00, 00, E8, 03, 38, 00, 00, E8, AE, 34, 00, 00, E8, 09, 2B, 00, 00, E8, 5D, 28, 00, 00, 68, 07, 00, 00, 00, 68, 30, A2, 40, 00, 8D, 05, 64, B1, 40, 00, 50, 68, 08, 00...
 

Entropy:
3.9164

Packer / compiler:
PKLITE32, 0x1.1

Code size:
29 KB (29,696 bytes)

The file survey skipper.exe has been seen being distributed by the following 3 URLs.

http://download1437.mediafire.com/273rdis0ak8g/.../SURVEY SKIPPER.exe
