tasgulnudata.exe

The executable tasgulnudata.exe has been detected as malware by 28 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘tasgulnudata’. While running, it connects to the Internet address sv140.xserver.jp on port 80 using the HTTP protocol.
MD5:
cf5ec291f1ab21dbe87c5767790e322f

SHA-1:
096f64897bf9e63bbbeb5cd513de3a83aa968622

SHA-256:
2775ad7ee1209bba32413d63f10387c0edfc6103713725fe8ed42174e278729c

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
12/27/2024 7:14:44 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.641950
361

Agnitum Outpost
Trojan.Agentb
7.1.1

AhnLab V3 Security
Trojan/Win32.Jorik
2015.08.31

Avira AntiVirus
TR/Crypt.XPACK.Gen
8.3.2.2

Arcabit
Trojan.Kazy.D9CB9E
1.0.0.425

avast!
Win32:Malware-gen
2014.9-160209

AVG
Agent
2017.0.2839

Bitdefender
Gen:Variant.Kazy.641950
1.0.20.200

Dr.Web
Trojan.MulDrop3.14959
9.0.1.040

Emsisoft Anti-Malware
Gen:Variant.Kazy.641950
8.16.02.09.02

ESET NOD32
Win32/Kryptik.CJDR (variant)
10.12177

Fortinet FortiGate
W32/Kryptik.CJDR!tr
2/9/2016

F-Secure
Gen:Variant.Kazy.641950
11.2016-09-02_3

G Data
Gen:Variant.Kazy.641950
16.2.25

IKARUS anti.virus
Trojan.Win32.Agentb
t3scan.1.9.5.0

Kaspersky
Trojan.Win32.Agentb
14.0.0.689

Malwarebytes
Trojan.Inject
v2016.02.09.02

McAfee
GenericR-DUP!CF5EC291F1AB
5600.6495

Microsoft Security Essentials
Trojan:Win32/Bagsu!rfn
1.1.12002.0

MicroWorld eScan
Gen:Variant.Kazy.641950
17.0.0.120

NANO AntiVirus
Trojan.Win32.Agentb.dssjup
0.30.24.3283

Panda Antivirus
Trj/Genetic.gen
16.02.09.02

Qihoo 360 Security
Win32/Trojan.a38
1.0.0.1015

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Dropper
9335

Trend Micro
TROJ_GEN.R08NC0DHT15
10.465.09

Vba32 AntiVirus
Trojan.Agentb
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
43344

File size:
74.3 KB (76,032 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\user\tasgulnudata.exe

File PE Metadata
Compilation timestamp:
11/29/2006 4:06:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
1536:TZx50pot8XgL4ZTadmda5ofADvu/mbcOzwfQ37GKP:Taot8XVaLqmGO4OzwfQ37GKP

Entry address:
0x1000

Entry point:
33, C9, 51, E8, E2, 02, 00, 00, 50, 8F, 05, 9D, 34, B2, 00, C7, 05, F1, 34, B2, 00, 30, 00, 00, 00, C7, 05, F5, 34, B2, 00, 03, 00, 00, 00, C7, 05, F9, 34, B2, 00, 2F, 11, B2, 00, C7, 05, FD, 34, B2, 00, 00, 00, 00, 00, C7, 05, 01, 35, B2, 00, 00, 00, 00, 00, FF, 35, 9D, 34, B2, 00, 8F, 05, 05, 35, B2, 00, C7, 05, 11, 35, B2, 00, 06, 00, 00, 00, C7, 05, 15, 35, B2, 00, 00, 00, 00, 00, C7, 05, 19, 35, B2, 00, 74, 12, B2, 00, 68, 00, 7F, 00, 00, 6A, 00, E8, 3D, 02, 00, 00, A3, 09, 35, B2, 00, A3, 1D, 35, B2...
 
[+]

Code size:
1024 Bytes (1,024 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
tasgulnudata

Command:
C:\users\user\tasgulnudata.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to sv140.xserver.jp  (210.188.201.166:80)

TCP (HTTP):
Connects to myhost.net.pl  (195.149.225.101:80)

TCP (HTTP):
Connects to blask.circulos.pl  (195.2.222.250:80)

TCP (HTTP):
Connects to 157-7-107-101.virt.lolipop.jp  (157.7.107.101:80)

TCP (HTTP):
Connects to xaicom.net  (85.214.214.113:80)

TCP (HTTP):
Connects to ora.ecnet.jp  (118.23.162.86:80)

TCP (HTTP):
Connects to newip240.telewave.ad.jp  (219.122.1.240:80)

TCP (HTTP):
Connects to ec2-52-200-68-236.compute-1.amazonaws.com  (52.200.68.236:80)

TCP (HTTP):
Connects to cluster006.ovh.net  (213.186.33.17:80)

TCP (HTTP):
Connects to ams93-rev.netart.pl  (85.128.201.93:80)

TCP (HTTP):
Connects to 66-232-103-8.static.hvvc.us  (66.232.103.8:80)

TCP (HTTP):
Connects to 62-210-140-158.rev.poneytelecom.eu  (62.210.140.158:80)

Remove tasgulnudata.exe - Powered by Reason Core Security