vudazixisrud.exe

The executable vudazixisrud.exe has been detected as malware by 14 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘vudazixisrud’. While running, it connects to the Internet address mtaout-a-mtc-a.mx.aol.com on port 25.
MD5:
f4636b8d8ef80ca603af3af2fe9e9c39

SHA-1:
9c44de99d576136a5fc6559b4f8ca6fa4968f9f8

SHA-256:
3b8875a755c0be5ab2bfe6451e567c9b7e93ce0d3daa8e35539f3b7f713f0d4f

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
12/25/2024 3:10:47 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Trojan/Win32.Tepfer
2013.07.11

Avira AntiVirus
TR/Inject.fwpe.2
7.11.89.236

avast!
Win32:Rootkit-gen [Rtk]
2014.9-170220

AVG
SHeur4
2018.0.2462

Dr.Web
BackDoor.Tishop.55
9.0.1.051

ESET NOD32
Win32/Injector.AJFS (variant)
11.8551

IKARUS anti.virus
Virus.Win32.Injector
t3scan.2.0.3.0

Kaspersky
Trojan.Win32.Inject
14.0.0.-1197

Malwarebytes
Trojan.Inject
v2017.02.20.10

McAfee
Artemis!F4636B8D8EF8
5600.6118

Microsoft Security Essentials
TrojanDownloader:Win32/Cutwail
1.163.1557.0

Panda Antivirus
Trj/CI.A
17.02.20.10

Sophos
Mal/Agent-ALL
4.90

Trend Micro House Call
TROJ_GEN.RFFFH01GA13
7.2.51

File size:
107.6 KB (110,213 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\acer\vudazixisrud.exe

File PE Metadata
Compilation timestamp:
7/9/2013 4:06:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

Entry address:
0x20110

Entry point:
60, BE, 15, 20, 41, 00, 8D, BE, EB, EF, FE, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
60 KB (61,440 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
vudazixisrud

Command:
C:\users\acer\vudazixisrud.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ns339617.ip-176-31-248.eu  (176.31.248.197:80)

TCP (HTTP):
Connects to vmcp07.myhostcenter.com  (216.222.194.171:80)

TCP (HTTP):
Connects to no-ptr.easyvserver.com  (62.233.105.171:80)

TCP (HTTP):
Connects to nakedcumshots.com  (64.59.81.104:80)

TCP (HTTP):
Connects to mhintdin-unix.alicomitalia.it  (95.110.192.171:80)

TCP (HTTP):
Connects to ip-50-63-84-77.ip.secureserver.net  (50.63.84.77:80)

TCP (HTTP):
Connects to full-cdn-01.cluster006.ovh.net  (213.186.33.97:80)

TCP (HTTP):
Connects to ec2-54-171-199-198.eu-west-1.compute.amazonaws.com  (54.171.199.198:80)

TCP (HTTP):
Connects to cloud.southislandtech.com  (96.125.178.86:80)

TCP (HTTP):
Connects to cath4choice.org  (76.12.228.8:80)

TCP (HTTP):
Connects to vsg01.hosting.west-webworld.com  (185.13.64.99:80)

TCP (HTTP):
Connects to sv04ce65.zeronet.co.jp  (49.212.155.220:80)

TCP (SMTP):
Connects to smtp1.sbc.mail.vip.ne1.yahoo.com  (98.138.31.74:25)

TCP (SMTP):
Connects to smtp1.sbc.mail.vip.bf1.yahoo.com  (98.139.221.42:25)

TCP (HTTP):
Connects to sipau5-20.nexcess.net  (103.224.88.65:80)

TCP (HTTP):
Connects to server88-208-252-9.fasthosts.net.uk  (88.208.252.9:80)

TCP (HTTP):
Connects to server.serbay.net  (5.250.245.23:80)

TCP (HTTP):
Connects to redireccion.configbox.com  (80.93.92.146:80)

TCP (HTTP):
Connects to li918-98.members.linode.com  (45.56.68.98:80)

TCP (HTTP):
Connects to f5.69.c1ad.ip4.static.sl-reverse.com  (173.193.105.245:80)

Remove vudazixisrud.exe - Powered by Reason Core Security