warzpro.exe

HonHero

The executable warzpro.exe has been detected as malware by 24 anti-virus scanners. The file has been seen being downloaded from download1058.mediafire.com.
Publisher:
Microsoft*  (Invalid match)

Product:
HonHero

Version:
1.0.0.0

MD5:
90571f380e6cd6b98fd63c2b3369ee99

SHA-1:
75e5b26a985cc7877f5fe9c8e345ae74204081fc

SHA-256:
1716873f3dfac19cc0b50c84d50301ad9cf141a423a3a1d8aea491013d5e8595

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
12/26/2024 4:42:41 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.506072 | 212 |
| Agnitum Outpost | Trojan.PWS.OnLineGames | 7.1.1 |
| Avira AntiVirus | TR/Spy.A.9944 | 7.11.215.52 |
| avast! | Win32:Malware-gen | 2014.9-160706 |
| AVG | PSW.OnlineGames4 | 2017.0.2690 |
| Baidu Antivirus | Trojan.MSIL.OnLineGames | 4.0.3.1676 |
| Bitdefender | Gen:Variant.Kazy.506072 | 1.0.20.940 |
| Comodo Security | UnclassifiedMalware | 21349 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.506072 | 8.16.07.06.10 |
| ESET NOD32 | MSIL/PSW.OnLineGames.LN (variant) | 10.11290 |
| Fortinet FortiGate | MSIL/Agent.OFU!tr | 7/6/2016 |
| F-Secure | Gen:Variant.Kazy.506072 | 11.2016-06-07_4 |
| G Data | Gen:Variant.Kazy.506072 | 16.7.25 |
| IKARUS anti.virus | Trojan.MSIL.PSW | t3scan.1.8.6.0 |
| K7 AntiVirus | Password-Stealer | 13.200.15197 |
| McAfee | RDN/Generic PWS.y!bcd | 5600.6346 |
| MicroWorld eScan | Gen:Variant.Kazy.506072 | 17.0.0.564 |
| NANO AntiVirus | Trojan.Win32.OnLineGames.dkjglr | 0.30.0.296 |
| Norman | Suspicious_Gen5.AZLJL | 11.20160706 |
| Qihoo 360 Security | Win32/Trojan.4f0 | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R03EC0VLB14 | 7.2.188 |
| Trend Micro | TROJ_GEN.R03EC0VLB14 | 10.465.06 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38260 |

File size:
386 KB (395,264 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2014

Original file name:
HonHero.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\warzpro.exe

File PE Metadata
Compilation timestamp:
10/11/2014 8:13:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:+4QGWf7SQgrq/1UR7QND+8L7t8fSPQhFeKXWLPj2IrtHevcnCK2JqBw:+dbfRBLDxWfBhFeKGLPjfKcnCK2J

Entry address:
0x6128E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.3680

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
381 KB (390,144 bytes)

The file warzpro.exe has been seen being distributed by the following URL.
