ummyvc-web-loader.exe

Loader UVC

The executable ummyvc-web-loader.exe, “Loader UVC Setup”, has been detected as malware by 7 anti-virus scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from converter.ummy.net.
Product:
Loader UVC

Description:
Loader UVC Setup

Version:
2

MD5:
ef9bb48688794cfdd3f36920ae5b5e89

SHA-1:
e8067e466cea1aa4dca6a09da38829f353cbf051

SHA-256:
fbf888ee617167aa53372d808aad545632aaf85409c627164497b4b555eb5b9d

Scanner detections:
7 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/5/2024 1:44:07 PM UTC

Scan engine                     Detection                   Engine version
avast!                          Win32:SaliCode              160518-2
AVG                             Win32/Sality                2015.0.4591
Emsisoft Anti-Malware           Win32.Sality                11.5.0.6191
ESET NOD32                      Win32/Sality.NBA virus      8.0.319.0
F-Prot                          W32/Sality.gen2             4.6.5.141
McAfee                          Virus.W32/Sality.gen.z      18.0.204.0
Microsoft Security Essentials   Threat.Undefined            1.223.208.0

File size:
1.2 MB (1,270,584 bytes)

Product version:
2

Copyright:
All Rights reserved © 2014-2016

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\documents and settings\poste16\mes documents\downloads\ummyvc-web-loader.exe

File PE Metadata
Compilation timestamp:
7/16/2015 3:24:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:kxGJpjwELQwQ8/EBdYfyoOrljl4XJJTigjOaLz/F/H4wfjwoWfG0vUk:JJpjwELQwQ8/EBdYfyoOrljGX3zaaHtK

Entry address:
0x113BC

Entry point:
38, E1, 49, 0F, BF, D2, 80, DB, B0, 0F, BF, DA, 81, FF, C7, 1E, 00, 00, 80, FB, 64, 68, EA, D1, 34, 00, 8A, E7, 8D, 35, 8F, A0, 0B, 32, C6, C3, BE, FE, CA, B9, 00, 00, 00, 00, 81, FD, 34, D9, 00, 00, 73, 04, 0F, CB, FF, C2, 2D, E2, F9, 3D, 0E, C6, C7, 75, 81, C1, 46, F2, FF, FF, 8B, ED, 81, C1, BB, 0D, 00, 00, F7, DF, 00, C0, 81, CE, 9E, DC, E9, B0, 81, F9, B4, 07, 00, 00, 72, D8, F7, C6, 66, F6, 04, 69, E8, 6F, 00, 00, 00, F7, D7, 89, C9, 78, 02, FE, C9, FF, C0, BF, 55, 11, 00, 00, 0F, CB, 81, EF, 10, 06...

Code size:
63.5 KB (65,024 bytes)

The file ummyvc-web-loader.exe has been seen being distributed by the following URL.

Remove ummyvc-web-loader.exe - Powered by Reason Core Security