winseven.exe

The executable winseven.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address hostedc40.carrierzone.com on port 80 using the HTTP protocol.
MD5:
1a8370cb86800e4a019d5462e256ce8a

SHA-1:
b59920936fa621c2ba126ee75459dce6c2fc3641

SHA-256:
038174a7e19fb37d7579c5efca6a83ed5905182bf071e428f2efa74048747d58

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/25/2024 12:52:09 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Trojan.Agent.Bibin
17.2.27.4

File size:
125.7 KB (128,699 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
11/22/2012 5:16:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

Entry address:
0x1240

Entry point:
4F, 87, D3, 88, F2, 57, 74, 08, 89, FD, 69, C5, 44, 77, D9, 5D, 69, F0, 49, 49, 4B, 57, 01, D5, B0, 84, F2, 81, FE, 51, FE, 6B, 15, 81, F1, 18, C6, 1A, D3, 81, FB, A4, 23, 00, 00, 8D, 15, 38, FF, 26, C0, 8D, 3D, 1C, BD, 2C, BF, F2, 72, 06, 8A, FA, B2, 60, 86, DC, F2, E8, 56, 00, 00, 00, 6B, C9, 00, FE, C6, 88, EC, B7, 20, F7, C2, C0, 19, 77, E0, 43, 71, 07, 28, D3, 0F, BF, D3, B3, 69, BE, 0D, F9, FF, FF, 0F, AF, DB, 81, C6, F4, 06, 00, 00, 86, F7, 03, CE, B4, 75, 69, ED, 5B, 18, 3F, 07, 0F, AF, F5, F2, FE...
 
[+]

Entropy:
7.1111

Code size:
5 KB (5,120 bytes)

All Users Start Menu Item
Name:
taskhost.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hostedc40.carrierzone.com  (64.29.151.221:80)

TCP (HTTP):

Remove winseven.exe - Powered by Reason Core Security