sxe8599.tmp

The file sxe8599.tmp has been detected as malware by 27 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Administrator’. While running, it connects to the Internet address hserv26.homehost.com.br on port 80 using the HTTP protocol.
MD5:
d8414c6db1d16d7d5405dd97aef9b02d

SHA-1:
a5d09244e7585a526ef72b790bdacc0370ad7b97

SHA-256:
070d6f8944b47e69cb09cecd72f0df5451daf7dd3bb335d80ae474c514be559c

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
11/27/2024 3:53:08 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Trojan.Crypt.Delf.F.@JW@aKWS4@oG
384

Agnitum Outpost
Trojan.DR.Dinwod
7.1.1

AhnLab V3 Security
Malware/Gen.Generic
2015.12.18

Avira AntiVirus
TR/ATRAPS.Gen2
8.3.2.4

Arcabit
Trojan.Crypt.Delf.F.E5D08C
1.0.0.629

avast!
Win32:Malware-gen
2014.9-160116

AVG
Win32/DH{Bw?}
2017.0.2862

Baidu Antivirus
Trojan.Win32.Banker
4.0.3.16116

Bitdefender
Gen:Trojan.Crypt.Delf.F.@JW@aKWS4@oG
1.0.20.80

Comodo Security
UnclassifiedMalware
23784

Dr.Web
Trojan.PWS.Banker1.19074
9.0.1.016

Emsisoft Anti-Malware
Gen:Trojan.Crypt.Delf.F.@JW@aKWS4@oG
8.16.01.16.01

ESET NOD32
Win32/Spy.Banker.ABZK (variant)
10.12737

Fortinet FortiGate
W32/Banker.ABZK!tr.spy
1/16/2016

F-Secure
Gen:Trojan.Crypt.Delf.F.@JW@aKWS4@oG
11.2016-16-01_7

G Data
Gen:Trojan.Crypt.Delf.F.@JW@aKWS4@oG
16.1.25

IKARUS anti.virus
Trojan-Banker.Win32.Banker
t3scan.1.9.5.0

K7 AntiVirus
Spyware
13.212.18131

Kaspersky
Trojan-Dropper.Win32.Dinwod
14.0.0.807

McAfee
GenericR-EWD!D8414C6DB1D1
5600.6518

Microsoft Security Essentials
TrojanSpy:Win32/Banker!rfn
1.1.12400.0

MicroWorld eScan
Gen:Trojan.Crypt.Delf.F.@JW@aKWS4@oG
17.0.0.48

NANO AntiVirus
Trojan.Win32.Dinwod.dyunqu
1.0.10.5081

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16114

Trend Micro
TROJ_GEN.R047C0DK415
10.465.16

Vba32 AntiVirus
suspected of Trojan.Notifier.gen
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic.pak!cobra
45892

File size:
11.1 MB (11,620,352 bytes)

Common path:
C:\windows\sxe8599.tmp

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:PbYQyxXh1lhajLZ1JJtpS6d2nz2e4zsYEHxpQ4OfZF3eDo3w+3eETd3otbUabke8:PUzx1lhajdiHe

Entry address:
0xE8534

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 3C, 81, 4E, 00, E8, 5B, DA, F1, FF, 8B, 1D, 8C, ED, 4E, 00, E8, 58, DD, F1, FF, 68, 60, 86, 4E, 00, 6A, 00, 6A, 00, E8, 62, DC, F1, FF, E8, 45, DD, F1, FF, 85, C0, 74, 0C, 8B, 03, E8, DE, 0A, F7, FF, E9, E5, 00, 00, 00, 8B, 03, E8, 4E, 09, F7, FF, 8B, 0D, 80, EC, 4E, 00, 8B, 03, 8B, 15, 80, 49, 4E, 00, E8, 53, 09, F7, FF, 8B, 0D, 50, EB, 4E, 00, 8B, 03, 8B, 15, 0C, 4E, 48, 00, E8, 40, 09, F7, FF, 8B, 0D, 54, EA, 4E, 00, 8B, 03, 8B, 15, 28, F9, 4B, 00, E8, 2D, 09, F7, FF, 8B...
 
[+]

Entropy:
5.8777

Developed / compiled with:
Microsoft Visual C++

Code size:
926 KB (948,224 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Administrator

Command:
C:\Program Files\mozilla firefox\firefox.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to hserv26.homehost.com.br  (177.85.96.86:80)

Remove sxe8599.tmp - Powered by Reason Core Security