win7.exe

The executable win7.exe has been detected as malware by 35 anti-virus scanners. While running, it connects to the Internet address hserv26.homehost.com.br on port 80 using the HTTP protocol.
MD5:
b5efdb54691c240a97100c29fc6fcbb4

SHA-1:
dcd66aed3bfe57c00ecf25b0ec535d6adf792337

SHA-256:
22230af78b3858341cd79c3e57bd9f5bdc653572f431f0ef14da6acfe1a7d902

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
11/5/2024 8:16:18 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.97536
159

AegisLab AV Signature
Troj.W32.Generic!c
2.1.4+

Agnitum Outpost
TrojanSpy.Banker
7.1.1

AhnLab V3 Security
Trojan/Win32.CSon
2016.03.19

Avira AntiVirus
TR/Spy.Banker.Gen
8.3.3.2

Arcabit
Trojan.Zusy.D17D00
1.0.0.662

avast!
Win32:Malware-gen
2014.9-160828

AVG
Win32/DH{NiQDJQ?}
2017.0.2637

Baidu Antivirus
Trojan.Win32.Banker
4.0.3.16828

Bitdefender
Gen:Variant.Zusy.97536
1.0.20.1205

Comodo Security
UnclassifiedMalware
24589

Dr.Web
Trojan.DownLoader11.21717
9.0.1.0241

Emsisoft Anti-Malware
Gen:Variant.Zusy.97536
8.16.08.28.04

ESET NOD32
Win32/Spy.Banker.AAUU (variant)
10.13200

Fortinet FortiGate
W32/Banker.AAUU!tr.spy
8/28/2016

F-Secure
Gen:Variant.Zusy.97536
11.2016-28-08_1

G Data
Gen:Variant.Zusy.97536
16.8.25

IKARUS anti.virus
Trojan-Banker.Win32.Banbra
t3scan.2.0.9.0

K7 AntiVirus
Spyware
13.218.19054

Kaspersky
Trojan.Win32.Agent
14.0.0.-318

McAfee
Artemis!B5EFDB54691C
5600.6293

Microsoft Security Essentials
TrojanSpy:Win32/Chaori.A
1.1.12505.0

MicroWorld eScan
Gen:Variant.Zusy.97536
17.0.0.723

NANO AntiVirus
Trojan.Win32.DownLoader11.deteiv
1.0.18.6677

Panda Antivirus
Trj/CI.A
16.08.28.04

Qihoo 360 Security
HEUR/Malware.QVM17.Gen
1.0.0.1120

Quick Heal
Trojan.Agen.g2
8.16.14.00

Rising Antivirus
PE:Malware.Generic(Thunder)!1.A1C4 [F]
23.00.65.16826

Sophos
Mal/Generic-S
4.98

Total Defense
Win32/Tnega.AJCfUQB
37.1.62.1

Trend Micro House Call
TROJ_SPNR.0BI114
7.2.241

Trend Micro
TROJ_SPNR.0BI114
10.465.28

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
47968

Zillya! Antivirus
Trojan.Banker.Win32.84670
2.0.0.2732

File size:
1.6 MB (1,729,536 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\win7.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:A2M+uuaKMZKRgWm23sqJQcOVfHacPag9H56+sqd8Stsu096OO:A2MrKiS9Dkfx1v69qGS2NO

Entry address:
0xBE098

Entry point:
B8, 80, C1, 7A, 01, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 01, 43, 93, 89, 42, A9, 98, 0C, 52, AB, A8, A1, AF, D7, 0A, 05, E1, 3D, 87, BE, 2A, 07, 38, 53, 87, C0, 2B, 4D, DB, 34, 0A, 66, B7, 4F, 85, 3A, FC, AF, 26, 18, 40, DD, 6E, 56, 35, 1C, 75, 46, B9, 94, F4, 7B, 88, 03, BB, 34, D9, 20, 6D, E3, 3E, 76, CA, 46, 36, 87, DD, BC, 70, CE, C7, E3, 30, 86, E9, 8E, EA, C3, 2C, 82, 74, A0, E9, 96, 93, A6, 5E, 28, 2F, 80, D7, DD, 1C...
 
[+]

Packer / compiler:
PECompact v2

Code size:
756.5 KB (774,656 bytes)

User Start Menu Item
Name:
win7.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to hserv26.homehost.com.br  (177.85.96.86:80)

Remove win7.exe - Powered by Reason Core Security