woxharbjpgk.exe

The application woxharbjpgk.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from xzone-reactor.com. While running, it connects to the Internet address n1nlhg29c053.shr.prod.ams1.secureserver.net on port 80 using the HTTP protocol.
MD5:
ed6339557335ad46ff149b76ecb6de11

SHA-1:
1f80e7e1715a9f3a5ccfc673ce6accd565122f87

SHA-256:
3d538595ce1470deb4afbb1a3adfec9850f60cafae6d23c9249c96741bbe1e8d

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 3:48:02 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.491401
614

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Agent
2015.06.01

Avira AntiVirus
TR/Delf.Inject.6771204
8.3.1.6

AVG
Skodna.GameHack
2016.0.3092

Bitdefender
Gen:Variant.Kazy.491401
1.0.20.760

Bkav FE
HW32.Packed
1.3.0.6379

Emsisoft Anti-Malware
Gen:Variant.Kazy.491401
8.15.06.01.09

ESET NOD32
Win32/GameHack.UL potentially unsafe (variant)
9.11714

Fortinet FortiGate
Riskware/GameHack
6/1/2015

F-Secure
Gen:Variant.Kazy.491401
11.2015-01-06_2

G Data
Gen:Variant.Kazy.491401
15.6.25

IKARUS anti.virus
Virus.Win32.DelfInject
t3scan.1.9.2.0

K7 AntiVirus
Unwanted-Program
13.204.16089

McAfee
Artemis!ED6339557335
5600.6748

Microsoft Security Essentials
VirTool:Win32/DelfInject
1.1.11701.0

MicroWorld eScan
Gen:Variant.Kazy.491401
16.0.0.456

Panda Antivirus
Generic Suspicious
15.06.01.09

Qihoo 360 Security
Win32/Trojan.ab8
1.0.0.1015

Quick Heal
Trojan.Del.ga
6.15.14.00

Sophos
Generic PUA BP
4.98

Trend Micro House Call
TROJ_GEN.R08OC0EEE15
7.2.152

Trend Micro
TROJ_GEN.R08OC0EEE15
10.465.01

VIPRE Antivirus
Trojan.Win32.Generic
40728

ViRobot
Trojan.Win32.S.Agent.6771204[h]
2014.3.20.0

File size:
6.5 MB (6,771,204 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\programs\woxharbjpgk.exe

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:6XhhOmHeDCE1Q78LeEiTys9X2pp2bAt1v7okuW:sObZQ78LViTyMMpoAt1vf3

Entry address:
0xD15519

Entry point:
E9, EB, A4, 01, 00, 79, 1F, 60, 4D, 71, B5, 9C, D2, 9C, 93, AB, 42, AE, 36, 1D, 5A, D4, FE, 82, 77, F6, 45, 3C, 5B, 54, 15, 59, 01, BD, 2C, 5B, 05, 9F, DE, E1, 15, B2, 61, 4C, 53, ED, 90, 9E, 7F, EC, AF, AF, 0D, 2E, 27, 39, E9, 0A, C6, 07, 8E, 8A, B0, 94, 99, 78, D8, 1D, E8, C4, FF, AD, 34, BA, 45, 38, 2A, 76, 60, 2F, A4, 2F, AF, 18, A5, C2, C7, E7, 0C, 02, 3C, 26, DD, EE, 3D, F5, 9C, 77, 22, 5B, E6, F7, D5, D8, DC, F2, C3, FF, 67, 1C, 4C, EA, 01, 47, D6, 8D, 9B, 80, 78, 07, 59, F3, 5B, 27, 9C, 45, 38, 3F...
 
[+]

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.5 MB (1,587,712 bytes)

The file woxharbjpgk.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to n1nlhg29c053.shr.prod.ams1.secureserver.net  (188.121.46.128:80)

Remove woxharbjpgk.exe - Powered by Reason Core Security