» ultimate mu.exe
Overview
Analysis
File Details
Downloads (1)
Network (7)

ultimate mu.exe

IbanezServers

This is a setup program which is used to install the application. The file has been seen being downloaded from 167.114.223.93.

File name:

ultimate mu.exe

Publisher:

IbanezServers

Product:

IbanezServers

Version:

1.00.0547

MD5:

b3e1d837e36d9a016ad8bb28dc3ea7d5

SHA-1:

911112f2f106c36f147045bab1c3b40718bfaac9

SHA-256:

6b0c084da8cb3b183fed114cdbb243668393fda4d0b7a7c226161c6d7f61ab82

Scanner detections:

17 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/24/2024 8:20:36 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.513346

393

Agnitum Outpost

Trojan.Kazy

7.1.1

Arcabit

Trojan.Kazy.D7D542

1.0.0.627

AVG

Win32/DH{Bg?}

2017.0.2871

Bitdefender

Gen:Variant.Kazy.513346

1.0.20.40

Bkav FE

W32.HfsAutoB

1.3.0.7383

Comodo Security

TrojWare.Win32.Refroso.~d6

23688

Emsisoft Anti-Malware

Gen:Variant.Kazy.513346

8.16.01.08.03

F-Secure

Gen:Variant.Kazy.513346

11.2016-08-01_6

G Data

Gen:Variant.Kazy.513346

16.1.25

McAfee

RDN/Generic.dx

5600.6527

MicroWorld eScan

Gen:Variant.Kazy.513346

17.0.0.24

Qihoo 360 Security

Win32/Trojan.d71

1.0.0.1077

Quick Heal

(Suspicious) - DNAScan

1.16.14.00

Trend Micro

TROJ_GEN.R01TC0EJG15

10.465.08

VIPRE Antivirus

Trojan.Win32.Generic

45552

ViRobot

Trojan.Win32.Z.Kazy.1017344[h]

2014.3.20.0

File size:

993.5 KB (1,017,344 bytes)

Product version:

1.00.0547

IbanezServers

Trademarks:

IbanezServers

Original file name:

IbanezServersLauncherUpdate.exe

File type:

Executable application (Win32 EXE)

Language:

Spanish

File PE Metadata

Compilation timestamp:

7/7/2015 6:12:48 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:qJ8WNPa7WcYUcTmCEn5wSYcy+7shhPTQ1S3qy+GKBmHJ5hyrJL2jrmQYWcoep58f:+FI7WcYUcjbhGkZKBmHTrHYWcRIs745

Entry address:

0x48000

Entry point:

55, E8, 00, 00, 00, 00, 5D, 83, ED, 06, 8B, C5, 55, 60, 89, AD, 93, 22, 00, 00, 2B, 85, 6E, 22, 00, 00, 89, 85, 22, 13, 00, 00, 80, BD, 23, 24, 00, 00, 00, 75, 09, C6, 85, 23, 24, 00, 00, 01, EB, 0B, 61, 5D, 8B, 85, 8F, 22, 00, 00, 5D, FF, E0, EB, 02, EB, FE, 8B, DD, 8C, D8, A8, 04, 74, 08, 81, C3, 8E, 0A, 00, 00, EB, 06, 81, C3, 51, 0A, 00, 00, FF, D3, 6A, 04, 68, 00, 10, 00, 00, 68, 00, 30, 00, 00, 6A, 00, FF, 95, FD, 10, 00, 00, 89, 85, 09, 24, 00, 00, 50, B8, 08, 0C, 00, 00, 03, C5, FF, D0, B8, 43, 0C... 
[+]

Packer / compiler:

Crunch/PE v1.0.x.x

Code size:

272 KB (278,528 bytes)

The file ultimate mu.exe has been seen being distributed by the following URL.

http://167.114.223.93/.../Dominius Mu - Negro.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to customer-static-210-182-119.iplannetworks.net (190.210.182.119:80)

TCP (HTTP):

Connects to 10.ip-158-69-209.net (158.69.209.10:80)

TCP (HTTP):

Connects to cpanel01.virtualnetglobal.com (158.69.136.193:80)

TCP (HTTP):

Connects to 69.197.18.174.afraid.org (69.197.18.174:80)

TCP (HTTP):

Connects to rdns0.ninjahost.biz (104.225.131.3:80)

TCP (HTTP):

Connects to unassigned.psychz.net (45.35.130.168:80)

TCP (HTTP):

Connects to messi.dattaweb.com (200.58.110.194:80)

Scan ultimate mu.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.