turkhackteam.net güçlü ddos saldırısı.exe

The application turkhackteam.net güçlü ddos saldırısı.exe has been detected as a potentially unwanted program by 31 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from s5.dosya.tc and multiple other hosts.
MD5:
20b57457f3e68c6eed52eb6908d5e3f8

SHA-1:
9c82e714cae9ee39621c93e95a37e8e31831aa39

SHA-256:
7c19875acc21e30adc69bc4adcbfaad91ad95291cd630ce69df02d3a7bcc5408

Scanner detections:
31 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 6:37:15 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Hacktool.Agent.BK
593

Agnitum Outpost
Riskware.HackTool
7.1.1

Arcabit
Trojan.Hacktool.Agent.BK
1.0.0.425

avast!
Win32:Trojan-gen
2014.9-150621

Baidu Antivirus
Hacktool.Win32.Hoic
4.0.3.15621

Bitdefender
Trojan.Hacktool.Agent.BK
1.0.20.860

Clam AntiVirus
HackTool.DDOS.HOIC
0.98/21511

Comodo Security
ApplicUnsaf.Win32.HackTool.Hoic.~A
22506

Dr.Web
DDoS.5744
9.0.1.0172

Emsisoft Anti-Malware
Trojan.Hacktool.Agent.BK
8.15.06.21.10

ESET NOD32
Win32/HackTool.Agent.C potentially unsafe
9.11813

Fortinet FortiGate
Riskware/Agent
6/21/2015

F-Secure
Trojan.Hacktool.Agent.BK
11.2015-21-06_1

G Data
Trojan.Hacktool.Agent.BK
15.6.25

IKARUS anti.virus
Trojan.HackTool.Agent
t3scan.1.9.5.0

K7 AntiVirus
Riskware
13.205.16305

Malwarebytes
HackTool.Hoylecann
v2015.06.21.10

McAfee
Artemis!20B57457F3E6
5600.6727

Microsoft Security Essentials
HackTool:Win32/Hoylecann.A
1.1.11701.0

MicroWorld eScan
Trojan.Hacktool.Agent.BK
16.0.0.516

NANO AntiVirus
Trojan.Win32.Hoic.cudrel
0.30.24.2086

nProtect
Trojan.Hacktool.Agent.BK
15.06.19.01

Panda Antivirus
Trj/CI.A
15.06.21.10

Qihoo 360 Security
Win32/Trojan.Hacktool.82b
1.0.0.1015

Quick Heal
HackTool.Hoic.g4 (Not a Virus)
6.15.14.00

Rising Antivirus
PE:Trojan.Win32.Generic.1261A09C!308387996
23.00.65.15619

Trend Micro House Call
HKTL_DDOS
7.2.172

Trend Micro
HKTL_DDOS
10.465.21

Vba32 AntiVirus
Hacktool.DDoSer.2321
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
41272

ViRobot
Trojan.Win32.S.Agent.1968616[h]
2014.3.20.0

File size:
1.9 MB (1,968,616 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
5/28/2011 7:04:29 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:ZT85pRM7tww3AZ2e/WAAVm3J/AdpHRDFMShTie3PpZX4+6:ZT85puB0Z2BAAVm3J/UpHweie3xZh6

Entry address:
0xB480

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, D5, 2D, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, F3, A0, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 1C, A6, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 48, 32, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 4C, 32, 41, 00, 8D, 45, E4...
 
[+]

Code size:
70.5 KB (72,192 bytes)

The file turkhackteam.net güçlü ddos saldırısı.exe has been seen being distributed by the following 3 URLs.

http://s5.dosya.tc/en2.php?a=server3/.../TurkHackTeam.NeT_Guclu_DDOS_Saldirisi.exe&b=af78e59bb24c871f4fd0c5a74bbbae13

http://s2.dosya.tc/en2.php?a=server/.../DDOS_SALDIRI_PROGRAMI.exe&b=035b61e85d9870f25c4312c510cd1d4b