vishwakarma.exe

ysp

The executable vishwakarma.exe has been detected as malware by 37 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘System32’. While running, it connects to the Internet address anubisnetworks.com on port 80 using the HTTP protocol.
Publisher:
Microsoft* (Invalid match)

Product:
ysp

Description:
Photo

Version:
1.00

MD5:
1417b2c658aafff93f6257ae5c7661ca

SHA-1:
d87ebfbebcac83623145f2905fc6ccd99231252f

SHA-256:
bcf7f9c2815b210360fbc6a744758ffba72a603fcab15b04927c034874baf46d

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
11/24/2024 3:50:56 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Barys.442 | 827
AegisLab AV Signature | Troj.Downloader.W32.Genome | 2.1.4+
Agnitum Outpost | Trojan.DL.Genome | 7.1.1
AhnLab V3 Security | HEUR/Fakon.mwf | 2014.10.31
Avira AntiVirus | TR/Dropper.Gen | 7.11.30.172
avast! | Win32:Vitro | 141025-0
AVG | Trojan horse Generic30.CICN | 2014.0.4189
Bitdefender | Gen:Variant.Barys.442 | 1.0.20.1520
Comodo Security | Worm.Win32.VB.mrb | 19950
Dr.Web | Trojan.DownLoader5.33626 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Barys.442 | 14.10.31
ESET NOD32 | Win32/AutoRun.VB.ATP worm | 7.0.302.0
Fortinet FortiGate | W32/Genome.DAOD!tr | 10/31/2014
F-Prot | W32/VB.KW.gen | 4.6.5.141
F-Secure | Gen:Variant.Barys.442 | 11.2014-31-10_6
G Data | Gen:Variant.Barys.442 | 14.10.24
IKARUS anti.virus | Worm.Win32.Psyokym | t3scan.1.8.3.0
K7 AntiVirus | Trojan | 13.185.13853
Kaspersky | Worm.Win32.WBNA | 15.0.0.494
Malwarebytes | Backdoor.Agent | v2014.10.31.03
McAfee | Generic PWS.aad | 5600.6961
Microsoft Security Essentials | Threat.Undefined | 1.187.957.0
MicroWorld eScan | Gen:Variant.Barys.442 | 15.0.0.912
NANO AntiVirus | Trojan.Win32.WBNA.ctgbxm | 0.28.6.62995
Norman | AutoRun.BVJS | 11.20141031
nProtect | Trojan-Downloader/W32.Genome.77824.AX | 14.10.30.01
Qihoo 360 Security | Malware.QVM03.Gen | 1.0.0.1015
Quick Heal | Worm.Psyokym.A3 | 10.14.14.00
Rising Antivirus | PE:Trojan.DL.Win32.Hoara.a!1075351165 | 23.00.65.141029
Sophos | W32/Psyke-A | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Autorun | 10267
Total Defense | Win32/FakeFLDR_i | 37.0.11256
Trend Micro House Call | Mal_OtorunP | 7.2.304
Trend Micro | Mal_OtorunP | 10.465.31
Vba32 AntiVirus | TrojanDownloader.Genome | 3.12.26.3
VIPRE Antivirus | Threat.4792603 | 34232
ViRobot | Trojan.Win32.Downloader.189952.AV | 2011.4.7.4223

File size:
76 KB (77,824 bytes)

Product version:
1.00

Original file name:
APS.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\vishwakarma.exe

File PE Metadata
Compilation timestamp:
10/3/2004 10:01:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:Z3i6EBXlLOUpgC2YwofaBKXWXsp9NLMXy3i6E:KLOUpgC2YwoSuusp9NL

Entry address:
0x10EC

Entry point:
68, 00, 75, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, B7, 50, 08, 32, 92, 96, 01, 4E, 89, F7, 0C, 81, 09, E5, E0, 69, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 59, 50, 53, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 02, F1, 23, A4, B1, C7, AA, 79, 41, 92, A3, 05, D7, 26, 2E, 45, 44, B4, F6, F7, BF, 2A, 00, 95, 43, 92, FA, 18, 20, 64, A1, F8, 29, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...

Entropy:
4.6975

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
44 KB (45,056 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
System32

Command:
C:\ProgramData\vishwakarma.exe
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to anubisnetworks.com  (195.22.26.253:80)

Remove vishwakarma.exe - Powered by Reason Core Security