winsptr.exe

The executable winsptr.exe has been detected as malware by 31 of 68 anti-virus scanners. While running, it makes an HTTP connection to amung.us (67.202.94.94) on TCP port 80. Note that amung.us hosts a public web-analytics (visitor-counter) service, so this connection on its own is not a command-and-control indicator; the file hashes below are the primary indicators of compromise, and the network contact is supporting evidence only.
MD5:
297b688095172b16ccb10ae23e3714cb

SHA-1:
ddf8d9cf0f60e83df5b1a5f58f43a37341a7b960

SHA-256:
36e2005f52fae75dc36d771a2f83f8ae3eeab4cdd3f03ee327ebd5bb2148152b

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
11/27/2024 11:30:43 AM UTC (the engine versions listed below date from 2015 to 2016, so the scan results themselves are considerably older than this date)

Scan engine              Detection                        Engine version
-----------------------  -------------------------------  --------------
Lavasoft Ad-Aware        Trojan.GenericKD.2101646         593
Agnitum Outpost          Backdoor.Agent                   7.1.1
AhnLab V3 Security       Trojan/Win32.Downloader          2015.03.08
Avira AntiVirus          TR/Dropper.Gen                   7.11.214.168
avast!                   Win32:Malware-gen                2014.9-150316
AVG                      Win32/DH                         2016.0.3169
Baidu Antivirus          Backdoor.Win32.Agent             4.0.3.15316
Bitdefender              Trojan.GenericKD.2101646         1.0.20.865
Comodo Security          UnclassifiedMalware              21329
Dr.Web                   Trojan.DownLoader12.16045        9.0.1.075
ESET NOD32               Win32/Regiskazi (variant)        9.11285
Fortinet FortiGate       W32/Agent.A!tr.bdr               3/16/2015
herdProtect (fuzzy)      (no detection name listed)       2015.6.22.5
IKARUS anti.virus        Trojan.Win32.Regiskazi           t3scan.1.8.6.0
K7 AntiVirus             Trojan                           13.200.15187
Kaspersky                Backdoor.Win32.Agent             14.0.0.2338
Malwarebytes             Trojan.Agent.WNS                 v2015.03.16.09
McAfee                   RDN/Generic BackDoor!bbn         5600.6825
MicroWorld eScan         Trojan.GenericKD.2101646         16.0.0.519
NANO AntiVirus           Trojan.Win32.Regiskazi.dmdtgx    0.30.0.296
Norman                   Obfuscated_O                     11.20150316
nProtect                 Trojan.GenericKD.2101646         15.01.23.01
Panda Antivirus          Trj/CI.A                         15.03.16.09
Quick Heal               Backdoor.Agent.r5                3.15.14.00
Sophos                   Mal/Generic-S                    4.98
Trend Micro House Call   TROJ_SPNR.11AP15                 7.2.75
Trend Micro              TROJ_SPNR.11AP15                 10.465.16
Vba32 AntiVirus          Backdoor.Agent                   3.12.26.3
VIPRE Antivirus          Trojan.Win32.Generic             38218
ViRobot                  Dropper.A.Dapato.679936.H[h]     2014.3.20.0
Zillya! Antivirus        Backdoor.Agent.Win32.53975       2.0.0.2090

Several rows share an engine rather than an independent verdict: the identical name Trojan.GenericKD.2101646 appears four times (Lavasoft Ad-Aware, Bitdefender, MicroWorld eScan, nProtect) and both Trend Micro rows report TROJ_SPNR.11AP15, so "31 of 68" overstates the number of independent opinions. The names that carry family information are Regiskazi (ESET, IKARUS, NANO) and the backdoor/downloader classifications (Kaspersky, Baidu, Quick Heal, Zillya, Vba32, Agnitum, Dr.Web, AhnLab, McAfee); the rest are generic, heuristic or obfuscation labels.

File size:
557.5 KB (570,865 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\winsptr.exe

File PE Metadata
Compilation timestamp:
1/21/2015 7:27:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
12288:ASuDzZRUkvI9LvEZMC/54lTZsfNXjSU0ntnKnxrErLRAl2M/UFxTRcEiP/3IWVJi:ASuDzZRUkvb2TZYjSU0tf6UG/a

Entry address:
0x1240

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 38, 43, 45, 00, E8, A8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 78, 43, 45, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 60, 43, 45, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 5D, E9, 37, 15, 01, 00, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 28, 8B, 45, 10, 89, 04, 24, E8, 8B, 7C, 01, 00, 48, 89, 45, FC, 8B, 45, 0C, 48, 89, 45, F4, 8D, 45, F4, 89, 44, 24, 04, 8D, 45, FC, 89, 04, 24, E8, DE, 50, 04, 00, 8B, 00...

Packer / compiler:
MingWin32

Code size:
293 KB (300,032 bytes)
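The following Python is an added example, not code from this report or from herdProtect / Reason Core Security. It shows where the metadata above comes from and how a responder would use it: it computes the MD5, SHA-1 and SHA-256 of a candidate file and compares them with the hashes at the top of the page, and it reads the compilation timestamp, entry-point RVA, linker version, OS version and subsystem directly from the PE headers with the standard library, then compares the bytes at the entry point with the prefix listed under "Entry point". Because the real sample is not available here, the block builds a small synthetic PE32 (constructed for the demonstration) whose header fields and entry bytes match the report; its hashes and size deliberately do not match. The report's compilation timestamp is assumed to be UTC.

```python
"""Added example (not code from the report or from herdProtect / Reason Core
Security): compare a file with this report's indicators and read the PE fields."""
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the report.
REPORT = {
    "md5": "297b688095172b16ccb10ae23e3714cb",
    "sha1": "ddf8d9cf0f60e83df5b1a5f58f43a37341a7b960",
    "sha256": "36e2005f52fae75dc36d771a2f83f8ae3eeab4cdd3f03ee327ebd5bb2148152b",
    "size": 570_865,
    "entry_rva": 0x1240,
    # First 24 entry-point bytes from the report (push ebp; mov ebp,esp; sub esp,8;
    # mov dword [esp],2; call [0x454338]; call rel32 -- the MinGW CRT startup stub).
    "entry_prefix": bytes.fromhex(
        "55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 38 43 45 00 E8 A8 FE FF FF"),
}
# Assumption: the report's "1/21/2015 7:27:32 PM" compilation timestamp is UTC.
COMPILE_TS = int(datetime(2015, 1, 21, 19, 27, 32, tzinfo=timezone.utc).timestamp())
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def rva_to_offset(rva: int, sections: list) -> int:
    """Map an RVA to a file offset through the section table."""
    for _, vsize, vaddr, rawsize, rawptr in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe(data: bytes, entry_len: int = 24) -> dict:
    """Read the fields the report shows from a PE32 image, without pefile."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]                      # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    _, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                                     # optional header
    magic, maj_link, min_link = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]           # AddressOfEntryPoint
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)        # OS version
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
                for i in range(nsec)]
    entry_off = rva_to_offset(entry_rva, sections)
    compiled = datetime.fromtimestamp(tstamp, tz=timezone.utc)
    return {
        "compile_time": compiled.strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + entry_len],
    }


def check_against_report(data: bytes) -> dict:
    """One True/False per indicator; a hash match is conclusive, the rest are hints."""
    h, pe = hashes(data), parse_pe(data, len(REPORT["entry_prefix"]))
    out = {n: h[n] == REPORT[n] for n in ("md5", "sha1", "sha256")}
    out.update(size=len(data) == REPORT["size"],
               entry_rva=pe["entry_rva"] == REPORT["entry_rva"],
               entry_prefix=pe["entry_bytes"] == REPORT["entry_prefix"])
    return out


def build_sample() -> bytes:
    """Constructed stand-in for the real file: a minimal PE32 whose header fields
    and entry bytes match the report. Its hashes and size deliberately do not."""
    text_va, text_raw, text_size = 0x1000, 0x400, 0x400
    hdr = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", hdr, 0x3C, 0x40)                          # e_lfanew
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, COMPILE_TS, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 56, 300_032)          # PE32, linker 2.56, SizeOfCode
    struct.pack_into("<II", opt, 16, REPORT["entry_rva"], text_va)   # entry RVA, BaseOfCode
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)       # ImageBase, alignments
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 0, 0, 4, 0)            # OS 4.0, image, subsystem versions
    struct.pack_into("<II", opt, 56, 0x2000, text_raw)               # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                               # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    hdr += opt + struct.pack("<8sIIIIIIHHI", b".text", text_size, text_va, text_size,
                             text_raw, 0, 0, 0, 0, 0x60000020)
    hdr += b"\0" * (text_raw - len(hdr))
    text = bytearray(b"\xCC" * text_size)                            # int3 filler
    off = REPORT["entry_rva"] - text_va
    text[off:off + len(REPORT["entry_prefix"])] = REPORT["entry_prefix"]
    return bytes(hdr + text)


if __name__ == "__main__":
    print(parse_pe(build_sample()), check_against_report(build_sample()), sep="\n")
```

Pass the bytes of a suspected file to check_against_report: a SHA-256 match is conclusive, while a matching entry-point prefix only says the file starts with the same MinGW CRT stub that many MinGW-built binaries share, so it is a triage hint rather than a verdict. The parser reads the same fields the report lists (TimeDateStamp, AddressOfEntryPoint, linker and OS versions, Subsystem), which is how "MingWin32", "Windows GUI" and the 2.56 / 4.0 values above are derived.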

When executed in live environments, the file has been observed making the following network connection.

TCP (HTTP):
Connects to amung.us  (67.202.94.94:80)

Powered by Reason Core Security