ultimate mu.exe

IbanezServers

This is a setup program which is used to install the application. The file has been seen being downloaded from 167.114.223.93.
Publisher:
IbanezServers

Product:
IbanezServers

Version:
1.00.0547

MD5:
b3e1d837e36d9a016ad8bb28dc3ea7d5

SHA-1:
911112f2f106c36f147045bab1c3b40718bfaac9

SHA-256:
6b0c084da8cb3b183fed114cdbb243668393fda4d0b7a7c226161c6d7f61ab82

Scanner detections:
17 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 8:20:36 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.513346
393

Agnitum Outpost
Trojan.Kazy
7.1.1

Arcabit
Trojan.Kazy.D7D542
1.0.0.627

AVG
Win32/DH{Bg?}
2017.0.2871

Bitdefender
Gen:Variant.Kazy.513346
1.0.20.40

Bkav FE
W32.HfsAutoB
1.3.0.7383

Comodo Security
TrojWare.Win32.Refroso.~d6
23688

Emsisoft Anti-Malware
Gen:Variant.Kazy.513346
8.16.01.08.03

F-Secure
Gen:Variant.Kazy.513346
11.2016-08-01_6

G Data
Gen:Variant.Kazy.513346
16.1.25

McAfee
RDN/Generic.dx
5600.6527

MicroWorld eScan
Gen:Variant.Kazy.513346
17.0.0.24

Qihoo 360 Security
Win32/Trojan.d71
1.0.0.1077

Quick Heal
(Suspicious) - DNAScan
1.16.14.00

Trend Micro
TROJ_GEN.R01TC0EJG15
10.465.08

VIPRE Antivirus
Trojan.Win32.Generic
45552

ViRobot
Trojan.Win32.Z.Kazy.1017344[h]
2014.3.20.0

File size:
993.5 KB (1,017,344 bytes)

Product version:
1.00.0547

Copyright:
IbanezServers

Trademarks:
IbanezServers

Original file name:
IbanezServersLauncherUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
Spanish

File PE Metadata
Compilation timestamp:
7/7/2015 6:12:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:qJ8WNPa7WcYUcTmCEn5wSYcy+7shhPTQ1S3qy+GKBmHJ5hyrJL2jrmQYWcoep58f:+FI7WcYUcjbhGkZKBmHTrHYWcRIs745

Entry address:
0x48000

Entry point:
55, E8, 00, 00, 00, 00, 5D, 83, ED, 06, 8B, C5, 55, 60, 89, AD, 93, 22, 00, 00, 2B, 85, 6E, 22, 00, 00, 89, 85, 22, 13, 00, 00, 80, BD, 23, 24, 00, 00, 00, 75, 09, C6, 85, 23, 24, 00, 00, 01, EB, 0B, 61, 5D, 8B, 85, 8F, 22, 00, 00, 5D, FF, E0, EB, 02, EB, FE, 8B, DD, 8C, D8, A8, 04, 74, 08, 81, C3, 8E, 0A, 00, 00, EB, 06, 81, C3, 51, 0A, 00, 00, FF, D3, 6A, 04, 68, 00, 10, 00, 00, 68, 00, 30, 00, 00, 6A, 00, FF, 95, FD, 10, 00, 00, 89, 85, 09, 24, 00, 00, 50, B8, 08, 0C, 00, 00, 03, C5, FF, D0, B8, 43, 0C...
 
[+]

Packer / compiler:
Crunch/PE v1.0.x.x

Code size:
272 KB (278,528 bytes)

The file ultimate mu.exe has been seen being distributed by the following URL.

http://167.114.223.93/.../Dominius Mu - Negro.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to customer-static-210-182-119.iplannetworks.net  (190.210.182.119:80)

TCP (HTTP):
Connects to 10.ip-158-69-209.net  (158.69.209.10:80)

TCP (HTTP):
Connects to cpanel01.virtualnetglobal.com  (158.69.136.193:80)

TCP (HTTP):
Connects to 69.197.18.174.afraid.org  (69.197.18.174:80)

TCP (HTTP):
Connects to rdns0.ninjahost.biz  (104.225.131.3:80)

TCP (HTTP):
Connects to unassigned.psychz.net  (45.35.130.168:80)

TCP (HTTP):
Connects to messi.dattaweb.com  (200.58.110.194:80)

Scan ultimate mu.exe - Powered by Reason Core Security