Undergrads.exe

Rectogenital

Rabah Azrarak

The file Undergrads.exe has been detected as malware by 3 of 68 anti-virus scanners, all three reporting the same generic signature name (Gen:Variant.Symmi.48000), so the verdicts likely come from a shared signature base rather than three independent analyses. The file has been downloaded from eecohweb1.com and is usually found on disk under a temporary name (a43f.tmp) in the user's %LOCALAPPDATA%\Temp folder rather than under its original name Undergrads.exe, which is typical of a file written and launched by another program. It is signed with a Certum-issued code-signing certificate in the name of Rabah Azrarak that was valid only from 5/11/2016 to 5/11/2017; a signature that validated when it was applied says nothing about whether the code is benign.
Publisher:
electronics cop.  (signed by Rabah Azrarak)

Product:
Rectogenital

Description:
Skewerwood0

Version:
1.00

MD5:
aec3b5effad8629e151bd1751171ef24

SHA-1:
177d911e77d33b4d16644d8435fb671581c9f7af

SHA-256:
dd4165db717a45a37013248aa8aeda28be249e0d76ba6954d402f1a3351dccfe

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/14/2024 9:19:04 PM UTC

Scan engine              Detection                  Engine version
Emsisoft Anti-Malware    Gen:Variant.Symmi.48000    11.5.0.6191
F-Secure                 Variant.Symmi.48000        5.15.21
Norman                   Gen:Variant.Symmi.48000    02.04.2016 17:35:19

File size:
265.1 KB (271,496 bytes)

Product version:
1.00

Original file name:
Undergrads.exe

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\users\{user}\appdata\local\temp\a43f.tmp

Digital Signature
Signed by:
Rabah Azrarak

Authority:
Unizeto Technologies S.A.

Valid from:
5/11/2016 11:39:13 PM

Valid to:
5/11/2017 11:39:13 PM

Subject:
E=rabahsoft@yahoo.com, CN=Rabah Azrarak, O=Rabah Azrarak, C=CH

Issuer:
CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
0ECD460CE14BD8EF2926DA2CD9A44176

File PE Metadata
Compilation timestamp:
5/11/2016 10:43:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:PQmdf7GcADuyMsGEhjIjMKA6l2Hz+8vsZ9UCq0iiiCbuI3qpYQnbLKToKi3C+v8b:YmdI1MeaN8vgCg/bKCQn/KUb

Entry address:
0x12A0

Entry point:
68, 94, BF, 43, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 09, 8F, 2F, 35, FF, 8A, 7D, 40, 9F, 06, 60, 35, 7F, 97, 58, DA, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, E0, A3, 1F, 03, 4D, 69, 73, 63, 6F, 72, 72, 65, 63, 74, 36, 00, 20, 08, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 02, B4, 64, 70, 2A, 0D, C4, 4F, 4C, AF, 48, 52, 55, F2, 1F, 03, 14, 9E, C0, 2E, 00, 1E, 91, FA, 46, 96, 4C, 12, 15, 53, C3, FB, 8A, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...

Entropy:
7.7922

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
248 KB (253,952 bytes)
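The fields in the File PE Metadata section (compilation timestamp, entry address, subsystem, linker and OS versions, entropy) come straight from the PE header and the file bytes and can be reproduced without a scanner. The script below is an added example, not code from the original page or from Reason Core Security. It builds a constructed (non-loadable) PE32 header carrying the values listed above, parses them back the way a triage tool would, computes Shannon entropy over a byte buffer, and decodes the first ten entry-point bytes quoted above (68 94 BF 43 00 E8 EE FF FF FF), which have the shape of the stub Visual Basic 5/6 linkers emit at the entry point: push the address of the VB project header, then call backwards into the import thunk for the runtime's ThunRTMain. The image base 0x400000 and the UTC interpretation of the compile timestamp are assumptions; the page states neither. The ssdeep (CTPH) value is not reproduced because it needs the ssdeep library.

```python
"""Added example: reproduce 'File PE Metadata' fields from a PE32 header
and decode the VB5/6 entry-point stub. Not the page's own code."""
import math
import struct
from datetime import datetime, timezone

# Values as listed on the page for Undergrads.exe.
PAGE_COMPILE_TIME = datetime(2016, 5, 11, 22, 43, 28, tzinfo=timezone.utc)  # assumed UTC
PAGE_ENTRY_RVA = 0x12A0
PAGE_ENTRY_BYTES = bytes.fromhex("6894BF4300E8EEFFFFFF")  # first ten bytes of the dump
IMAGE_BASE = 0x400000  # assumption: the page does not state the image base

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def build_pe32_header(timestamp, entry_rva, subsystem, linker=(6, 0),
                      os_version=(4, 0), image_base=IMAGE_BASE):
    """Constructed PE32 header: DOS header + PE signature + COFF + optional header.
    It is not loadable; it only carries the fields the parser reads."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)
    # COFF: Machine=i386, 0 sections, TimeDateStamp, SizeOfOptionalHeader=0xE0, EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x014C, 0, timestamp, 0, 0, 0xE0, 0x0102)
    # Optional header, PE32 layout: magic, linker version, sizes, entry, bases, ...
    opt = struct.pack("<HBBIIIIII", 0x10B, linker[0], linker[1], 0, 0, 0,
                      entry_rva, 0x1000, 0x1000)
    opt += struct.pack("<IIIHHHHHHI", image_base, 0x1000, 0x200,
                       os_version[0], os_version[1], 0, 0, 4, 0, 0)
    opt += struct.pack("<IIIHH", 0x2000, 0x400, 0, subsystem, 0)
    opt += b"\x00" * (0xE0 - len(opt))  # remaining fields and the 16 data directories
    return dos + b"PE\x00\x00" + coff + opt


def parse_pe32_metadata(data):
    """Read the header fields a triage report shows; raises on non-PE32 input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _, tstamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("not PE32 (magic 0x%x)" % magic)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "bitness": "Win32" if machine == 0x014C else "machine 0x%04x" % machine,
        "compiled_utc": datetime.fromtimestamp(tstamp, tz=timezone.utc).isoformat(),
        "entry_rva": entry_rva,
        "image_base": image_base,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": "%d.%d" % (lmaj, lmin),
        "os_version": "%d.%d" % (os_maj, os_min),
    }


def shannon_entropy(buf):
    """Bits per byte, 0.0 (constant) up to 8.0 (uniform). Plain compiled code
    and form/resource data normally sit well below the 7.79 reported above;
    values that close to 8 usually mean compressed or encrypted data is embedded."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def decode_vb_entry_stub(entry_bytes, entry_rva, image_base=IMAGE_BASE):
    """Decode 'push imm32; call rel32' (68 xx xx xx xx E8 xx xx xx xx), the stub
    VB5/6 executables start with. Returns None if the bytes have another shape."""
    if len(entry_bytes) < 10 or entry_bytes[0] != 0x68 or entry_bytes[5] != 0xE8:
        return None
    header_va = struct.unpack_from("<I", entry_bytes, 1)[0]
    rel32 = struct.unpack_from("<i", entry_bytes, 6)[0]
    call_target_rva = (entry_rva + 10 + rel32) & 0xFFFFFFFF  # rel32 is from the next instruction
    return {
        "push_imm32": header_va,
        "vb_header_rva": header_va - image_base,
        "call_target_rva": call_target_rva,
        "call_is_backward_thunk": call_target_rva < entry_rva,
    }


def report(image_bytes, entry_bytes):
    meta = parse_pe32_metadata(image_bytes)
    meta["entropy"] = round(shannon_entropy(image_bytes), 4)
    meta["vb_stub"] = decode_vb_entry_stub(entry_bytes, meta["entry_rva"], meta["image_base"])
    return meta


def page_sample_report():
    """Run the parser over a constructed header built from the page's values."""
    sample = build_pe32_header(int(PAGE_COMPILE_TIME.timestamp()), PAGE_ENTRY_RVA, 2)
    return report(sample, PAGE_ENTRY_BYTES)


if __name__ == "__main__":
    for key, value in page_sample_report().items():
        print("%-14s %s" % (key, value))
```

The entropy of the constructed header is low (it is mostly zero padding), which is the contrast worth keeping in mind when reading the 7.79 figure on the page: a VB5 executable whose bytes are that close to uniformly distributed is carrying data that was compressed or encrypted before it was embedded. The decoded push operand (0x0043BF94) is the address the VB runtime reads its project header from, and the call lands 8 bytes before the entry point, where the import thunk sits, which is the standard VB layout rather than anything specific to this sample.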

The file Undergrads.exe has been seen being distributed from eecohweb1.com.

Powered by Reason Core Security