vlilvxsvwnew.exe

The executable vlilvxsvwnew.exe has been detected as malware by 3 anti-virus scanners. It runs as a Windows service named “Key Management Software Web Builder ActiveX File”. While running, it connects to the Internet address institutul-rev1989-rosseti-fo.b.astral.ro on port 34231.
MD5:
06c6c5e90434c6f83aacf6bdd9203fe3

SHA-1:
c6a82855282f82e53c7af26b4906abcef5a7fa02

SHA-256:
6d26e2b9e18cc07e1b98305509cf46f6c51b2214c7930b530ffd2c34117c68bb

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/16/2024 5:57:01 AM UTC

Scan engine   | Detection               | Engine version
avast!        | Win32:Malware-gen       | 160917-0
Dr.Web        | Trojan.Click3.10964     | 9.0.1.05190
ESET NOD32    | Win32/Bayrob.BL trojan  | 6.3.12010.0

File size:
1 MB (1,099,264 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\vlilvxsvwnew.exe

File PE Metadata
Compilation timestamp:
11/4/2014 10:23:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0xD071C

Entry point:
E8, C7, 9E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 28, 60, 4F, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 2C, 60, 4F, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, FE, 19, 00, 00, 85, C0, 75, 06, B8, 90, 61, 4F, 00, C3, 83, C0, 08, C3, E8, EB, 19, 00, 00, 85, C0, 75, 06, B8, 94, 61, 4F, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...

Entropy:
7.0212

Code size:
936.5 KB (958,976 bytes)

Service
Display name:
Key Management Software Web Builder ActiveX File

Type:
Win32OwnProcess, InteractiveProcess

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to fiber-190-118.online.com.kh  (124.248.190.118:42296)

TCP (HTTP):
Connects to vps1250780.vs.webtropia-customer.com  (78.31.65.156:80)

TCP (HTTP):
Connects to url.hover.com  (64.98.145.30:80)

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.122:80)

TCP:
Connects to institutul-rev1989-rosseti-fo.b.astral.ro  (95.76.162.176:34231)

TCP (HTTP):
Connects to gblgr.com  (173.254.236.159:80)

TCP:
Connects to 50-95.milv.cyg.net  (97.107.50.95:32535)

TCP (HTTP):
Connects to 202.142.221.43.colo.isp-thailand.com  (202.142.221.43:80)

TCP (HTTP):
Connects to 147.62.236.23.bc.googleusercontent.com  (23.236.62.147:80)

Remove vlilvxsvwnew.exe - Powered by Reason Core Security