toast.exe

The executable toast.exe has been detected as malware by 4 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MCToast’. While running, it connects to the Internet address xserv20628.hybridserver.at on port 80 using the HTTP protocol.
Description:
Esemény értesítő (Hungarian: "Event notifier")

Version:
2, 0, 10, 861

MD5:
f464b51a071513cdb372de9dfc6aa8b7

SHA-1:
4155676b91b785105c2c4cbecf88eadb54503c8e

SHA-256:
60ce27317fd77505bac6a2e9c20ae6d5c3a9395cdb2018c038e92179e5eff053

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/23/2024 7:48:28 PM UTC

Scan engine | Detection | Engine version
Emsisoft Anti-Malware | Trojan.Agent.BTHK | 16.05.28
Norman | Trojan.Agent.BTHK | 19.05.2016 05:17:13
Trend Micro House Call | Suspicious_GEN.F47V0207 | 7.2.40
VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 37386

File size:
1.1 MB (1,136,620 bytes)

Product version:
2, 0, 10, 861

Copyright:
Copyright (c) 2011 - 2013

Trademarks:
Trade marks

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\.mestermc.hu\toast.exe

File PE Metadata
Compilation timestamp:
6/9/2013 10:10:25 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:33PBrcRMFQhYFtK/IUvazmLo8KXYWOlCFj6y:HPBwqO6HKrazmLoA7l7y

Entry address:
0xDAC0

Entry point:
55, 8B, EC, 6A, FF, 68, 38, E3, 41, 00, 68, 14, 18, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 10, 53, 56, 57, 89, 65, E8, FF, 15, 90, E0, 41, 00, 33, D2, 8A, D4, 89, 15, 20, 5D, 42, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 1C, 5D, 42, 00, C1, E1, 08, 03, CA, 89, 0D, 18, 5D, 42, 00, C1, E8, 10, A3, 14, 5D, 42, 00, 6A, 01, E8, 90, 3C, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, AB, 00, 00, 00, 59, E8, 9B, 39, 00, 00, 85, C0, 75, 08, 6A, 10, E8, 9A, 00, 00, 00, 59, 83, 65, FC, 00...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
116 KB (118,784 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MCToast

Command:
C:\users\{user}\appdata\roaming\.mestermc.hu\toast.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to xserv20628.hybridserver.at  (78.47.44.106:80)

TCP (HTTP):
Connects to xserv20683.hybridserver.at  (178.63.148.37:80)
