triviador.exe

Triviador

The executable triviador.exe has been detected as malware by 11 anti-virus scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 8877 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address users.atw.hu on port 80 using the HTTP protocol.
Product:
Triviador

Version:
1.0.0.0

MD5:
faa81c04ea60d8b5e4fb8f457bd1e359

SHA-1:
4176e396becaf532f757e3466af6d905a5f7f6eb

SHA-256:
5120ce09970026066a28e54cf7dfeaded4027af19507e924fa6e7aa6ce80ee84

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
12/26/2024 11:14:52 AM UTC

Scan engine              Detection                              Engine version
Lavasoft Ad-Aware        Gen:Variant.MSILPerseus.39473          184
AegisLab AV Signature    Gen.Variant!c                          2.1.4+
Avira AntiVirus          TR/Dropper.MSIL.jecv                   8.3.3.4
Arcabit                  Trojan.MSILPerseus.D9A31               1.0.0.741
Baidu Antivirus          Win32.Trojan.WisdomEyes.151026.9950    4.0.3.1683
Bitdefender              Gen:Variant.MSILPerseus.39473          1.0.20.1080
Emsisoft Anti-Malware    Gen:Variant.MSILPerseus.39473          8.16.08.03.05
F-Secure                 Gen:Variant.MSILPerseus.39473          11.2016-03-08_4
G Data                   Gen:Variant.MSILPerseus.39473          16.8.25
MicroWorld eScan         Gen:Variant.MSILPerseus.39473          17.0.0.648
Qihoo 360 Security       Win32/Trojan.433                       1.0.0.1120

File size:
42.5 KB (43,520 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
Triviador.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\triviador.exe

File PE Metadata
Compilation timestamp:
7/11/2016 10:27:57 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
48.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:xsLXPWoY1iJzrrRsC0HVuhBkImY5awQ0FRhcibWTJj3WkBi6M1kV:xsLXeoY1Onv0Eh953I3Woiz1W

Entry address:
0xBF8E

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.7327

Code size:
40 KB (40,960 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:8877/

Local host port:
8877

Default credentials:
No

The executing file has been observed making the following network connections in live environments.

Protocol         Remote host                                               Address
TCP (HTTP)       users.atw.hu                                              88.151.96.4:80
TCP (HTTP SSL)   xx-fbcdn-shv-01-mrs1.fbcdn.net                            31.13.75.12:443
TCP (HTTP SSL)   edge-star-shv-01-mrs1.facebook.com                        31.13.75.8:443
TCP (HTTP)       asphostpage.net                                           91.120.20.110:80
TCP (HTTP SSL)   edge-star-mini-shv-01-mrs1.facebook.com                   31.13.75.36:443
TCP (HTTP SSL)   co2sch020010342.gateway.messenger.live.com                65.55.252.161:443
TCP (HTTP SSL)   atlantic2105.dedicatedpanel.com                           85.25.218.209:443
TCP (HTTP)       a84-53-133-56.deploy.akamaitechnologies.com               84.53.133.56:80
TCP (HTTP)       a23-50-186-156.deploy.static.akamaitechnologies.com       23.50.186.156:80
TCP (HTTP)       a23-214-208-33.deploy.static.akamaitechnologies.com       23.214.208.33:80
TCP (HTTP SSL)   edge-star-mini-shv-01-yyz1.facebook.com                   31.13.80.36:443
TCP (HTTP SSL)   xx-fbcdn-shv-01-yyz1.fbcdn.net                            31.13.80.12:443
TCP (HTTP SSL)   xx-fbcdn-shv-01-cai1.fbcdn.net                            31.13.88.8:443
TCP (HTTP)       server-52-84-141-120.yto50.r.cloudfront.net               52.84.141.120:80
TCP              jl-in-f188.1e100.net                                      209.85.200.188:5228
TCP (HTTP SSL)   edge-z-m-mini-shv-01-yyz1.facebook.com                    31.13.80.37:443
TCP (HTTP SSL)   edge-z-m-mini-shv-01-cai1.facebook.com                    31.13.88.37:443
TCP (HTTP SSL)   edge-star-shv-01-yyz1.facebook.com                        31.13.80.8:443
TCP (HTTP SSL)   edge-star-shv-01-cai1.facebook.com                        31.13.88.4:443
TCP (HTTP SSL)   edge-star-mini-shv-01-cai1.facebook.com                   31.13.88.36:443

Powered by Reason Core Security