the_latest_hacks.exe

Windows Internet Explorer

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The application the_latest_hacks.exe, “Win32 Cabinet Self-Extractor”, has been detected as a potentially unwanted program by 16 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from download2004.mediafire.com.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Windows® Internet Explorer

Description:
Win32 Cabinet Self-Extractor

Version:
8.00.7600.16385 (win7_rtm.090713-1255)

MD5:
6cfefe2489bd8cd94c788e47342fe58a

SHA-1:
0718f2720aacd59409a06cb6cd37501f2331cda6

SHA-256:
d2ee7103d4bbcba88f42febcfc4c3c81424d5f9c52911cf657ee7ffd4fd53484

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:32:48 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.133031 | 494 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 8.3.1.6 |
| avast! | Win32:FakeDownload-F [PUP] | 2014.9-150928 |
| AVG | Generic6 | 2016.0.2972 |
| Baidu Antivirus | Adware.Win32.MultiPlug | 4.0.3.15928 |
| Dr.Web | Trojan.DownLoader13.6553 | 9.0.1.0271 |
| ESET NOD32 | Win32/Adware.MultiPlug.LH (variant) | 9.11780 |
| F-Prot | W32/S-d033213d | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Kazy | 11.2015-28-09_2 |
| IKARUS anti.virus | AdWare.MultiPlug | t3scan.1.9.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.205.16234 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.1357 |
| Malwarebytes | PUP.Optional.MultiPlug | v2015.09.28.12 |
| McAfee | Artemis!6CFEFE2489BD | 5600.6628 |
| MicroWorld eScan | Gen:Variant.Adware.Kazy.133031 | 16.0.0.813 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.drbncs | 0.30.24.2086 |

File size:
842 KB (862,208 bytes)

Product version:
8.00.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE .MUI

File type:
Executable application (Win64 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
7/14/2009 1:58:27 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:3VcyB+C37vDYkEpcVkqMtbtot0coLXs+u:pBh3JEpcGqMtZPLX

Entry address:
0xC9C8

Entry point:
48, 83, EC, 28, E8, F3, 02, 00, 00, 48, 83, C4, 28, E9, DA, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 09, 27, 00, 00, 75, 12, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 03, C2, 00, 00, 48, C1, C9, 10, E9, 70, 03, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 20, 45, 8B, 18, 48, 8B, DA, 4C, 8B, C9, 41, 83, E3, F8, 41, F6, 00, 04, 4C, 8B, D1, 74, 13, 41, 8B, 40, 08, 4D, 63, 50, 04, F7, D8, 4C, 03, D1, 48, 63, C8, 4C, 23, D1, 49...
 

Entropy:
7.8918  (probably packed)

Code size:
54 KB (55,296 bytes)

The file the_latest_hacks.exe has been seen being distributed by the following URL.
