tw_hoktw-1.3.83.exe

The executable tw_hoktw-1.3.83.exe has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from tw.hicdn.hok.beanfun.com.
MD5:
62756d4272c138d5d7022eae0e817ddd

SHA-1:
36e92822aa709db3de5214550ceefd661b220df0

SHA-256:
9428af4c9be40a6c85b879b57405ce6003a8c5fe242405f28794c524a52c1f6d

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/15/2024 9:01:09 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Gardih
160518-2

AVG
Win32/Hidrag.A
2015.0.4604

Dr.Web
Win32.HLLP.Jeefo.36352
9.0.1.05190

Emsisoft Anti-Malware
Win32.Jeefo
11.5.0.6191

ESET NOD32
Win32/Jeefo.A virus
8.0.319.0

F-Prot
W32/Jeefo.C
4.6.5.141

F-Secure
Win32.Jeefo.B
5.15.96

Microsoft Security Essentials
Threat.Undefined
1.223.2652.0

Norman
Win32.Jeefo.B
19.05.2016 01:04:49

File size:
2 MB (2,149,528 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\tw_hoktw-1.3.83.exe

File PE Metadata
Compilation timestamp:
8/24/2001 11:00:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.55

CTPH (ssdeep):
49152:2/wOXlAk2/5H1TICnM+2S88zkYY5GAZabVkwK8nk1dS:ZWl72/5H1lM+2H8zkY8GAZabVkYnk1dS

Entry address:
0x11F0

Entry point:
55, 89, E5, 83, EC, 08, 83, C4, F4, 6A, 02, A1, C8, B2, 40, 00, FF, D0, E8, 79, FF, FF, FF, C9, C3, 00, 00, 00, 00, 00, 00, 00, 49, 01, 23, 32, 32, 32, 21, 45, 73, 62, 68, 70, 6F, 21, 77, 6A, 73, 76, 74, 2F, 21, 43, 70, 73, 6F, 21, 6A, 6F, 21, 62, 21, 75, 73, 70, 71, 6A, 64, 62, 6D, 21, 74, 78, 62, 6E, 71, 2F, 00, 5C, 00, 20, 00, 22, 00, 8D, 76, 00, 55, 89, E5, 8B, 4D, 08, 8B, 55, 0C, 31, C0, 39, D0, 73, 08, 00, 04, 08, 40, 39, D0, 72, F8, C9, C3, 8D, 76, 00, 55, 89, E5, 8B, 4D, 08, 8B, 55, 0C, 31, C0, 39...
 
[+]

Entropy:
7.8829

Packer / compiler:
Video-Lan-Client

Code size:
32.5 KB (33,280 bytes)

The file tw_hoktw-1.3.83.exe has been seen being distributed by the following URL.

Remove tw_hoktw-1.3.83.exe - Powered by Reason Core Security