련이 windows10 자기보호。.exe

The executable 련이 windows10 자기보호。.exe has been detected as malware by 22 anti-virus scanners. While running, it connects to the Internet address ns1.daum.net on port 80 using the HTTP protocol.
Version:
1.1.22.07

MD5:
18726eefc3fdfb4d7ed7904a713f8176

SHA-1:
1a9bb0c149a09aab619185cf995ae746e9b21e11

SHA-256:
dcfffa1848e474607fa71f9efabc1e3e8bc7553c7e6133f953555fb427a46257

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
12/25/2024 7:15:23 PM UTC

Scan engine           | Detection                                           | Engine version
Lavasoft Ad-Aware     | Packer.Enigma.1                                     | 317
AegisLab AV Signature | Packer.Enigma.Gen!c                                 | 2.1.4+
Arcabit               | Packer.Enigma.1                                     | 1.0.0.656
avast!                | Win32:Evo-gen [Susp]                                | 2014.9-160324
Bitdefender           | Packer.Enigma.1                                     | 1.0.20.420
Bkav FE               | HW32.Packed                                         | 1.3.0.7717
Comodo Security       | UnclassifiedMalware                                 | 24324
Emsisoft Anti-Malware | Packer.Enigma                                       | 8.16.03.24.07
ESET NOD32            | Win32/Packed.EnigmaProtector.J suspicious (variant) | 10.13083
F-Prot                | W32/Heuristic-210                                   | v6.4.7.1.166
F-Secure              | Packer.Enigma.1                                     | 11.2016-24-03_5
G Data                | Packer.Enigma                                       | 16.3.25
IKARUS anti.virus     | Packer.Enigma                                       | t3scan.2.0.7.0
K7 AntiVirus          | Trojan                                              | 13.213.18849
McAfee                | Artemis!18726EEFC3FD                                | 5600.6451
MicroWorld eScan      | Packer.Enigma.1                                     | 17.0.0.252
nProtect              | Packer.Enigma.1                                     | 16.02.24.01
Qihoo 360 Security    | HEUR/QVM18.1.Malware.Gen                            | 1.0.0.1120
Rising Antivirus      | PE:Malware.Generic/QRS!1.9E2D [F]                   | 23.00.65.16322
Trend Micro           | TROJ_GEN.R00XC0OBA16                                | 10.465.24
Vba32 AntiVirus       | TrojanBanker.ChePro                                 | 3.12.26.4
VIPRE Antivirus       | Trojan.Win32.Generic                                | 47456

File size:
1.6 MB (1,705,472 bytes)

Product version:
1.1.22.07

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\videos\sample videos\준서폴더\모든 핵파일\련이_windows10_자기보호。\련이 windows10 자기보호。.exe

File PE Metadata
Compilation timestamp:
12/12/2015 1:20:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:fBxTWyLfiiR1+8yiVunjRA99AwoESJr9/19q08E:fBxy39jRA94Jd19qc

Entry address:
0x7FA3

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, C5, 21, 49, 00, 90, E0, A2, 32, B9, 9E, 0F, 26, C6, 47, D7, 63, E2, 40, 13, 6E, 1F, 64, A6, 37, 57, BF, 13, 10, 8B, DB, 9E, 44, 55, 0F, 72, 5E, EA, AC, 71, B1, 9F, 0B, D1, DA, 61, 4F, 86, 2B, E9, 0F, 5D, 21, C1, B7, 2A, 84, 86, 79, 35, F5, F3, CC, FF, 31, 2F, 7C, 13, B4, C8, 8B, 6B, FF, 52, B1, 8B, DE, 44, 03, CD, 0C, EF, 7D, 5E, 8D, 45, 4A, BE, F9, 78, B1, FC, 07, 98, 21, D6, 83, 3C, 73, 37, 94, A2, 23, 53, 25...

Entropy:
7.9396

Developed / compiled with:
Microsoft Visual C++

Code size:
722 KB (739,328 bytes)

While executing in live environments, the file has been observed making the following network communication.

TCP (HTTP):
Connects to ns1.daum.net (211.244.82.80:80)

Remove 련이 windows10 자기보호。.exe - Powered by Reason Core Security