» win20f1.exe
Overview
Analysis
File Details
Network (24)

win20f1.exe

The executable win20f1.exe has been detected as malware by 24 anti-virus scanners.

File name:

win20f1.exe

MD5:

082d9071deb3f1c770b0ba094dfce5ed

SHA-1:

5fb241113958e9fde9a5ce33001547179849eb2c

SHA-256:

96ef0dfdca9f0224acffac40326a71703f96c3ae7221b628641d624976ef7554

Scanner detections:

24 / 68

Status:

Malware

Analysis date:

11/5/2024 4:49:00 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Symmi.38607

1056

AhnLab V3 Security

Trojan/Win32.Trojan Horse

2014.02.09

Avira AntiVirus

DR/Delphi.A.2754

7.11.130.82

avast!

Win32:Dropper-gen [Drp]

2014.9-140315

AVG

Agent4

2015.0.3534

Baidu Antivirus

Trojan.Win32.Agent

4.0.3.14315

Bitdefender

Gen:Variant.Symmi.38607

1.0.20.370

Comodo Security

UnclassifiedMalware

17761

Emsisoft Anti-Malware

Gen:Variant.Symmi.38607

8.14.03.15.06

ESET NOD32

Win32/Agent.QDL

8.9401

Fortinet FortiGate

W32/Agent.QDL!tr

3/15/2014

F-Secure

Gen:Variant.Symmi.38607

11.2014-15-03_7

G Data

Gen:Variant.Symmi.38607

14.3.24

Malwarebytes

Trojan.Downloader.ED

v2014.03.15.06

McAfee

RDN/Generic.bfr!fs

5600.7190

Microsoft Security Essentials

Trojan:Win32/Tesch.B

1.165.247.01

MicroWorld eScan

Gen:Variant.Symmi.38607

15.0.0.222

NANO AntiVirus

Trojan.Win32.Delphi.ctacwy

0.28.0.57630

Norman

Troj_Generic.SJRCE

11.20140315

Panda Antivirus

Trj/CI.A

14.03.15.06

Sophos

Mal/Generic-S

4.97

Trend Micro House Call

TROJ_GEN.R01TC0PB214

7.2.74

Trend Micro

TROJ_GEN.R01TC0PB214

10.465.15

VIPRE Antivirus

Trojan.Win32.Generic

26314

File size:

166 KB (169,984 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\cyberlink\win20f1.exe

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

3072:nYiz3ubGtyEfzLrofPBQwUYS5kG33wgJGIVVJZlMbXo:nJvtyEL8FS59JJrDy

Entry address:

0x8C98

Entry point:

55, 8B, EC, 83, C4, E4, 53, 56, 57, 33, C0, 89, 45, E8, B8, 30, 8C, 40, 00, E8, CC, B8, FF, FF, BB, 38, E8, 40, 00, 33, C0, 55, 68, 30, C2, 40, 00, 64, FF, 30, 64, 89, 20, 33, C0, 89, 05, B0, E7, 40, 00, C7, 05, B4, E7, 40, 00, 00, 00, F0, 3F, 33, C0, 89, 05, B8, E7, 40, 00, C7, 05, BC, E7, 40, 00, 00, 00, F0, 3F, C6, 05, C0, E7, 40, 00, 7F, C6, 05, C1, E7, 40, 00, 7F, B8, C4, E7, 40, 00, E8, 59, A9, FF, FF, 33, C0, A3, C8, E7, 40, 00, 66, C7, 05, CC, E7, 40, 00, 47, 01, B8, D0, E7, 40, 00, E8, 3F, A9, FF... 
[+]

Entropy:

6.4303

Developed / compiled with:

Microsoft Visual C++

Code size:

45 KB (46,080 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to yv-in-f113.1e100.net (74.125.21.113:80)

TCP (HTTP):

Connects to yk-in-f148.1e100.net (74.125.196.148:80)

TCP (HTTP):

Connects to server-54-230-193-31.iad53.r.cloudfront.net (54.230.193.31:80)

TCP (HTTP):

Connects to server.bdqworks.com (66.147.232.252:80)

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (176.32.101.156:80)

TCP (HTTP):

Connects to rtb02-c.us.dataxu.net (50.23.159.134:80)

TCP (HTTP):

Connects to ord08s06-in-f18.1e100.net (74.125.225.50:80)

TCP (HTTP):

Connects to ns3328032.ovh.net (37.59.28.105:80)

TCP (HTTP):

Connects to ns3324338.ovh.net (37.59.15.145:80)

TCP (HTTP):

Connects to lga15s42-in-f0.1e100.net (74.125.226.0:80)

TCP (HTTP):

Connects to lga15s35-in-f13.1e100.net (173.194.43.45:80)

TCP (HTTP):

Connects to jumptap.com (209.94.144.19:80)

TCP (HTTP):

Connects to iad23s17-in-f27.1e100.net (74.125.228.155:80)

TCP (HTTP):

Connects to iad23s17-in-f26.1e100.net (74.125.228.154:80)

TCP (HTTP):

Connects to iad23s17-in-f25.1e100.net (74.125.228.153:80)

TCP (HTTP):

Connects to iad23s17-in-f13.1e100.net (74.125.228.141:80)

TCP (HTTP):

Connects to iad23s08-in-f2.1e100.net (74.125.228.98:80)

TCP (HTTP):

Connects to edge-star-shv-12-frc3.facebook.com (173.252.120.6:80)

TCP (HTTP):

Connects to a72-246-43-82.deploy.akamaitechnologies.com (72.246.43.82:80)

TCP (HTTP):

Connects to a23-1-39-21.deploy.static.akamaitechnologies.com (23.1.39.21:80)

Remove win20f1.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.