xvhvef.exe

PuTTY suite

Simon Tatham

The executable xvhvef.exe has been detected as malware by 15 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from a.pomf.cat.
Publisher:
Simon Tatham

Product:
PuTTY suite

Description:
PuTTY

Version:
Release0.66.6.0

MD5:
d59147236cb9ed2474822b0998e7f945

SHA-1:
e2366a28b4edbf337be887ed832d8de853200c93

SHA-256:
a388d703e4e931063392dd1a8936a07d93fd9aee0d3381260048bc49f13a9c15

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
11/27/2024 8:48:14 PM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | Troj.W32.Generic!c | 2.1.4+
Avira AntiVirus | TR/Dropper.MSIL.etxo | 8.3.3.4
avast! | Win32:Malware-gen | 2014.9-160428
Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.16428
Dr.Web | Trojan.Inject2.19540 | 9.0.1.0119
ESET NOD32 | MSIL/Injector.OWU (variant) | 10.13349
G Data | Win32.Trojan.Agent.0DBVXY | 16.4.25
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.294
Malwarebytes | Trojan.Redlonam | v2016.04.28.02
McAfee | Artemis!D59147236CB9 | 5600.6416
NANO AntiVirus | Trojan.Win32.Inject2.ebohli | 1.0.30.7834
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120
Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16426
Sophos | Mal/Generic-S | 4.98
VIPRE Antivirus | Trojan.Win32.Generic | 48708

File size:
1.4 MB (1,454,080 bytes)

Product version:
Release0.66.6.0

Copyright:
Copyright © 1997-2015 Simon Tatham.

Original file name:
fggggggdsssssssgggs.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\xvhvef.exe

File PE Metadata
Compilation timestamp:
4/10/2016 3:39:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:w4eibv5oDquJI8seBsxtl7YNnolaUlLONkK5PlPO1O1QALkcDsGi993wa5oYEMKx:w4e1yOA7YWYtfLRsWpGA2i

Entry address:
0x155CA0

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.3 MB (1,392,128 bytes)

The file xvhvef.exe has been seen being distributed by the following URL.
