xenoxmt2 launcher.exe

Katherina Walensky

The application xenoxmt2 launcher.exe has been flagged by 33 of the 68 anti-malware scanners listed below. Although the overall status on this page is "potentially unwanted", most of the individual detections name a backdoor or trojan family (Bifrose/Bifrost, Xtrat, Injector, SSonce) rather than adware, so treat the file as a backdoor when triaging it. It is a setup program used to install the application. The file has been seen being downloaded from przeklej.net. While running, it connects to the host ns3284106.ip-5-135-178.eu (5.135.178.216); this summary records destination port 65000, while the network section at the end of the page records port 13002, so both ports belong in any indicator set built from this report.
Publisher:
Katherina Walensky

Version:
1, 0, 0, 1

MD5:
fea05b1e642b14e5cad7471d87a9d8a1

SHA-1:
5c8200f1ef01b499d6263f46018a09ab66fb1a3e

SHA-256:
9a1ae6b31dfe450eb708fc2a1c23c8f51ff0fbd6777f492b25d4bafbbd441fb0

Scanner detections:
33 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 7:32:33 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Barys.200 | 821
Agnitum Outpost | Backdoor.Bifrose | 7.1.1
AhnLab V3 Security | Backdoor/Win32.Buzy | 2014.10.30
Avira AntiVirus | TR/Crypt.MWPM.Gen | 7.11.182.42
AVG | Generic5_c | 2015.0.3299
Baidu Antivirus | Trojan.Win32.GameTool | 4.0.3.14116
Bitdefender | Gen:Variant.Barys.200 | 1.0.20.1550
Bkav FE | W32.Clod154.Trojan | 1.3.0.6185
Comodo Security | Backdoor.Win32.Agent.CFRW | 19934
Dr.Web | Trojan.Click2.51276 | 9.0.1.0310
Emsisoft Anti-Malware | Gen:Variant.Barys.200 | 8.14.11.06.05
ESET NOD32 | Win32/GameTool | 8.10639
Fortinet FortiGate | W32/Injector.DH!tr | 11/6/2014
F-Prot | W32/Bifrost.AD.gen | v6.4.7.1.166
F-Secure | Gen:Variant.Barys.200 | 11.2014-06-11_5
G Data | Gen:Variant.Barys.200 | 14.11.24
IKARUS anti.virus | PUA.MoleboxVS | t3scan.1.8.3.0
K7 AntiVirus | Trojan | 13.185.13840
Malwarebytes | Backdoor.Xtrat | v2014.11.06.05
McAfee | BackDoor-FACW!FEA05B1E642B | 5600.6955
MicroWorld eScan | Gen:Variant.Barys.200 | 15.0.0.930
NANO AntiVirus | Trojan.Win32.Inject.mszcn | 0.28.6.62995
Norman | Bifrose.CRNB | 11.20141106
Qihoo 360 Security | HEUR/Malware.QVM02.Gen | 1.0.0.1015
Rising Antivirus | PE:Backdoor.Bifrose!6.6E0 | 23.00.65.141104
Sophos | Troj/SSonce-B | 4.98
Total Defense | Win32/Bifrose.BND | 37.0.11253
Trend Micro House Call | TROJ_SPNR.15L912 | 7.2.310
Trend Micro | TROJ_SPNR.35EF13 | 10.465.06
Vba32 AntiVirus | Trojan.Genome.ak | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.SSonce.b | 34342
ViRobot | Backdoor.Win32.A.Bancodor.1863896 | 2011.4.7.4223
Zillya! Antivirus | Trojan.Genome.Win32.201426 | 2.0.0.1972

File size:
3.1 MB (3,201,216 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (c) 2012, Katherina Walensky

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
7/25/2011 12:45:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
98304:YBvIhpHv9JieZGnXgAL9Nbj8VXxtxr39An/vw:Yqhdvu2GXg+UxtZ9AXw

Entry address:
0x1280

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 01, 00, 00, 00, FF, 15, 1C, 83, 40, 00, E8, B8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 1C, 83, 40, 00, E8, 98, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 34, 83, 40, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 28, 83, 40, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 83, 3D, 10, B1, 40, 00, 00, 75, 0A, C7, 05, 10, B1, 40, 00, E8, 61, 40, 00, A1, 10, B1, 40, 00, 5D, C3, 55, 89, E5...
 

Packer / compiler:
MingWin32 - Dev C++ v4.x (h)

Code size:
21 KB (21,504 bytes)
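The hashes and PE header fields above are the indicators a responder actually checks a suspect file against. The following Python is an added example, not code from this report or from Reason Core Security: it hashes a file, parses the PE32 header fields the report lists (compile timestamp, linker version, OS version, subsystem, code size, entry address and the first entry-point bytes) and returns which of the report's values match. Because the sample itself is not available here, build_sample_pe() constructs a minimal stand-in PE carrying the report's header values; its hash and size checks therefore do not fire while the structural ones do. That split is the point of the example: the hashes identify this exact file, whereas the entry-point bytes are the generic MinGW start-up stub (mov [esp],1 / call __set_app_type) and the linker and OS versions describe the toolchain, so those indicators alone will also match unrelated MinGW builds and need corroboration.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Indicators transcribed from the report above.
KNOWN_HASHES = {
    "md5": "fea05b1e642b14e5cad7471d87a9d8a1",
    "sha1": "5c8200f1ef01b499d6263f46018a09ab66fb1a3e",
    "sha256": "9a1ae6b31dfe450eb708fc2a1c23c8f51ff0fbd6777f492b25d4bafbbd441fb0",
}
KNOWN_SIZE = 3_201_216
KNOWN_CODE_SIZE = 21_504
KNOWN_ENTRY_RVA = 0x1280
# First 19 bytes listed under "Entry point": push ebp / mov ebp,esp / sub esp,8 /
# mov [esp],1 / call dword ptr [0x40831C]   (MinGW CRT start-up stub)
KNOWN_ENTRY_BYTES = bytes.fromhex("5589E583EC08" "C7042401000000" "FF151C834000")
KNOWN_COMPILE_TIME = "2011-07-25 00:45:39"   # report: 7/25/2011 12:45:39 AM, read as UTC
KNOWN_LINKER = "2.56"
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file as lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def rva_to_offset(rva: int, sections: list) -> int:
    """Map a relative virtual address to a file offset through the section table."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return rva - s["va"] + s["raw_ptr"]
    raise ValueError("RVA %#x is not backed by any section" % rva)


def parse_pe(data: bytes) -> dict:
    """Extract the header fields the report lists from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader
    _machine, nsect, ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                            # optional header
    magic, lmaj, lmin, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsect):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "raw_size": raw_size, "raw_ptr": raw_ptr})
    entry_off = rva_to_offset(entry_rva, sections)
    return {
        "compile_time": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": "%d.%d" % (lmaj, lmin),
        "os_version": "%d.%d" % (os_maj, os_min),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": size_of_code,
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + 32],
    }


def triage(data: bytes) -> list:
    """Names of the report's indicators that the given file matches."""
    info = parse_pe(data)
    checks = {**{alg: h == KNOWN_HASHES[alg] for alg, h in file_hashes(data).items()},
              "size": len(data) == KNOWN_SIZE,
              "entry_rva": info["entry_rva"] == KNOWN_ENTRY_RVA,
              "entry_bytes": info["entry_bytes"].startswith(KNOWN_ENTRY_BYTES),
              "compile_time": info["compile_time"] == KNOWN_COMPILE_TIME,
              "linker": info["linker_version"] == KNOWN_LINKER,
              "code_size": info["code_size"] == KNOWN_CODE_SIZE}
    return [name for name, ok in checks.items() if ok]


def build_sample_pe() -> bytes:
    """Constructed stand-in: a minimal PE32 carrying the report's header values and
    entry-point bytes. It is NOT the original sample, so its hashes and size differ."""
    img = bytearray(0x1400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                  # e_lfanew
    pe = 0x80
    img[pe:pe + 4] = b"PE\0\0"
    ts = int(datetime(2011, 7, 25, 0, 45, 39, tzinfo=timezone.utc).timestamp())
    struct.pack_into("<HHIIIHH", img, pe + 4, 0x14C, 1, ts, 0, 0, 0xE0, 0x0102)
    opt = pe + 24
    struct.pack_into("<HBBI", img, opt, 0x10B, 2, 56, KNOWN_CODE_SIZE)  # PE32, linker 2.56
    struct.pack_into("<I", img, opt + 16, KNOWN_ENTRY_RVA)
    struct.pack_into("<I", img, opt + 28, 0x400000)             # ImageBase
    struct.pack_into("<HH", img, opt + 40, 4, 0)                # OS version 4.0
    struct.pack_into("<H", img, opt + 68, 2)                    # Windows GUI
    struct.pack_into("<8sIIII", img, opt + 0xE0, b".text", 0x1000, 0x1000, 0x1000, 0x400)
    off = 0x400 + (KNOWN_ENTRY_RVA - 0x1000)                    # .text maps RVA 0x1000 -> file 0x400
    img[off:off + len(KNOWN_ENTRY_BYTES)] = KNOWN_ENTRY_BYTES
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_pe()
    for k, v in parse_pe(sample).items():
        print("%-15s %s" % (k, v.hex() if isinstance(v, bytes) else v))
    print("matched indicators:", triage(sample))
```

To run it against a real suspect file, replace build_sample_pe() with open(path, "rb").read(); a hit on any of the three hashes is conclusive, a hit on the header fields alone is only a lead.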

The file xenoxmt2 launcher.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to ns3284106.ip-5-135-178.eu  (5.135.178.216:13002)
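A detection for the network indicators on this page (the hostname ns3284106.ip-5-135-178.eu and 5.135.178.216, with port 13002 from this section and port 65000 from the summary at the top), written here as an added example and not code from the report. The firewall and DNS log lines are constructed for the example, and their format (a timestamp followed by key=value pairs) is an assumption; adapt parse_line to the real log source. Address-plus-port matches are the strongest signal, so address-only hits and hostname lookups are reported with their own reason strings rather than dropped, which keeps a port change or a blocked attempt visible.

```python
import ipaddress
import re
from collections import Counter

# Network indicators transcribed from the report. The summary records port 65000
# and the network section records 13002, so both are treated as suspect.
C2_HOST = "ns3284106.ip-5-135-178.eu"
C2_IP = ipaddress.ip_address("5.135.178.216")
C2_PORTS = {13002, 65000}

# Constructed sample logs (not taken from the report): a key=value firewall
# connection log and a DNS resolver log, each line led by an ISO timestamp.
CONN_LOG = """\
2024-11-28T07:31:02Z action=allow proto=tcp src=10.0.4.21 dst=5.135.178.216 dport=13002 bytes=1830
2024-11-28T07:31:05Z action=allow proto=tcp src=10.0.4.21 dst=142.250.74.78 dport=443 bytes=5212
2024-11-28T07:32:40Z action=allow proto=tcp src=10.0.4.37 dst=5.135.178.216 dport=65000 bytes=96
2024-11-28T07:33:11Z action=deny proto=tcp src=10.0.4.21 dst=5.135.178.216 dport=8080 bytes=0
2024-11-28T07:34:00Z action=allow proto=udp src=10.0.4.50 dst=5.135.178.9 dport=13002 bytes=400
"""
DNS_LOG = """\
2024-11-28T07:31:01Z client=10.0.4.21 query=ns3284106.ip-5-135-178.eu type=A answer=5.135.178.216
2024-11-28T07:31:04Z client=10.0.4.21 query=www.example.org type=A answer=93.184.216.34
2024-11-28T07:32:39Z client=10.0.4.37 query=NS3284106.IP-5-135-178.EU. type=A answer=5.135.178.216
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split '<ts> k=v k=v ...' into a dict; the timestamp is stored under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["ts"] = ts
    return fields


def canonical_name(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def conn_hits(text: str) -> list:
    """Connections to the C2 address; port matches are distinguished from
    address-only matches so a port change or a blocked attempt still surfaces."""
    hits = []
    for line in filter(str.strip, text.splitlines()):
        f = parse_line(line)
        try:
            dst = ipaddress.ip_address(f.get("dst", ""))
        except ValueError:
            continue
        if dst != C2_IP:
            continue
        port = int(f.get("dport", -1))
        hits.append({
            "ts": f["ts"], "src": f["src"], "dport": port, "action": f.get("action"),
            "reason": "c2 ip+port" if port in C2_PORTS else "c2 ip, unexpected port",
        })
    return hits


def dns_hits(text: str) -> list:
    """Lookups of the C2 hostname, or any lookup that resolved to the C2 address."""
    hits = []
    for line in filter(str.strip, text.splitlines()):
        f = parse_line(line)
        by_name = canonical_name(f.get("query", "")) == C2_HOST
        by_answer = f.get("answer") == str(C2_IP)
        if by_name or by_answer:
            hits.append({"ts": f["ts"], "client": f["client"], "query": f["query"],
                         "reason": "c2 hostname" if by_name else "resolved to c2 ip"})
    return hits


def suspect_hosts(conn_text: str, dns_text: str) -> Counter:
    """Internal hosts to pull for triage, ranked by number of indicator hits."""
    c = Counter(h["src"] for h in conn_hits(conn_text))
    c.update(h["client"] for h in dns_hits(dns_text))
    return c


if __name__ == "__main__":
    for h in conn_hits(CONN_LOG) + dns_hits(DNS_LOG):
        print(h)
    print(suspect_hosts(CONN_LOG, DNS_LOG).most_common())
```

The DNS check normalises case and the trailing dot before comparing, since resolver logs differ in both; the connection check compares parsed addresses rather than strings so "005.135.178.216"-style variants in a log do not slip past.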

Remove xenoxmt2 launcher.exe - Powered by Reason Core Security