the_latest_hacks.exe

Windows Internet Explorer

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application the_latest_hacks.exe, “Win32 Cabinet Self-Extractor ” has been detected as a potentially unwanted program by 16 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download2004.mediafire.com.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Windows® Internet Explorer

Description:
Win32 Cabinet Self-Extractor

Version:
8.00.7600.16385 (win7_rtm.090713-1255)

MD5:
6cfefe2489bd8cd94c788e47342fe58a

SHA-1:
0718f2720aacd59409a06cb6cd37501f2331cda6

SHA-256:
d2ee7103d4bbcba88f42febcfc4c3c81424d5f9c52911cf657ee7ffd4fd53484

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 2:53:42 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Kazy.133031
494

Avira AntiVirus
TR/Crypt.XPACK.Gen
8.3.1.6

avast!
Win32:FakeDownload-F [PUP]
2014.9-150928

AVG
Generic6
2016.0.2972

Baidu Antivirus
Adware.Win32.MultiPlug
4.0.3.15928

Dr.Web
Trojan.DownLoader13.6553
9.0.1.0271

ESET NOD32
Win32/Adware.MultiPlug.LH (variant)
9.11780

F-Prot
W32/S-d033213d
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Kazy
11.2015-28-09_2

IKARUS anti.virus
AdWare.MultiPlug
t3scan.1.9.5.0

K7 AntiVirus
Unwanted-Program
13.205.16234

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.1357

Malwarebytes
PUP.Optional.MultiPlug
v2015.09.28.12

McAfee
Artemis!6CFEFE2489BD
5600.6628

MicroWorld eScan
Gen:Variant.Adware.Kazy.133031
16.0.0.813

NANO AntiVirus
Riskware.Win32.MultiPlug.drbncs
0.30.24.2086

File size:
842 KB (862,208 bytes)

Product version:
8.00.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE .MUI

File type:
Executable application (Win64 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
7/14/2009 1:58:27 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:3VcyB+C37vDYkEpcVkqMtbtot0coLXs+u:pBh3JEpcGqMtZPLX

Entry address:
0xC9C8

Entry point:
48, 83, EC, 28, E8, F3, 02, 00, 00, 48, 83, C4, 28, E9, DA, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 09, 27, 00, 00, 75, 12, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 03, C2, 00, 00, 48, C1, C9, 10, E9, 70, 03, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 20, 45, 8B, 18, 48, 8B, DA, 4C, 8B, C9, 41, 83, E3, F8, 41, F6, 00, 04, 4C, 8B, D1, 74, 13, 41, 8B, 40, 08, 4D, 63, 50, 04, F7, D8, 4C, 03, D1, 48, 63, C8, 4C, 23, D1, 49...
 
[+]

Entropy:
7.8918  (probably packed)

Code size:
54 KB (55,296 bytes)

The file the_latest_hacks.exe has been seen being distributed by the following URL.

Remove the_latest_hacks.exe - Powered by Reason Core Security