» warzpro.exe
Overview
Analysis
File Details
Downloads (1)

warzpro.exe

HonHero

The executable warzpro.exe has been detected as malware by 24 anti-virus scanners. The file has been seen being downloaded from download1058.mediafire.com.

File name:

warzpro.exe

Publisher:

Microsoft* (Invalid match)

Product:

HonHero

Version:

1.0.0.0

MD5:

90571f380e6cd6b98fd63c2b3369ee99

SHA-1:

75e5b26a985cc7877f5fe9c8e345ae74204081fc

SHA-256:

1716873f3dfac19cc0b50c84d50301ad9cf141a423a3a1d8aea491013d5e8595

Scanner detections:

24 / 68

Status:

Malware

Analysis date:

11/23/2024 9:07:59 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.506072

212

Agnitum Outpost

Trojan.PWS.OnLineGames

7.1.1

Avira AntiVirus

TR/Spy.A.9944

7.11.215.52

avast!

Win32:Malware-gen

2014.9-160706

AVG

PSW.OnlineGames4

2017.0.2690

Baidu Antivirus

Trojan.MSIL.OnLineGames

4.0.3.1676

Bitdefender

Gen:Variant.Kazy.506072

1.0.20.940

Comodo Security

UnclassifiedMalware

21349

Emsisoft Anti-Malware

Gen:Variant.Kazy.506072

8.16.07.06.10

ESET NOD32

MSIL/PSW.OnLineGames.LN (variant)

10.11290

Fortinet FortiGate

MSIL/Agent.OFU!tr

7/6/2016

F-Secure

Gen:Variant.Kazy.506072

11.2016-06-07_4

G Data

Gen:Variant.Kazy.506072

16.7.25

IKARUS anti.virus

Trojan.MSIL.PSW

t3scan.1.8.6.0

K7 AntiVirus

Password-Stealer

13.200.15197

McAfee

RDN/Generic PWS.y!bcd

5600.6346

MicroWorld eScan

Gen:Variant.Kazy.506072

17.0.0.564

NANO AntiVirus

Trojan.Win32.OnLineGames.dkjglr

0.30.0.296

Norman

Suspicious_Gen5.AZLJL

11.20160706

Qihoo 360 Security

Win32/Trojan.4f0

1.0.0.1015

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_GEN.R03EC0VLB14

7.2.188

Trend Micro

TROJ_GEN.R03EC0VLB14

10.465.06

VIPRE Antivirus

Trojan.Win32.Generic

38260

File size:

386 KB (395,264 bytes)

Product version:

1.0.0.0

Original file name:

HonHero.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\warzpro.exe

File PE Metadata

Compilation timestamp:

10/11/2014 8:13:58 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:+4QGWf7SQgrq/1UR7QND+8L7t8fSPQhFeKXWLPj2IrtHevcnCK2JqBw:+dbfRBLDxWfBhFeKGLPjfKcnCK2J

Entry address:

0x6128E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.3680

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

381 KB (390,144 bytes)

The file warzpro.exe has been seen being distributed by the following URL.

http://download1058.mediafire.com/ydfsjm0w6ceg/.../WarZPro.exe

Remove warzpro.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.