xxx_video.exe

Asleep

Urn Lines

The executable xxx_video.exe has been detected as malware by 18 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from longhanbi.client.jp.
Publisher:
Urn Lines

Product:
Asleep

Description:
Ely Tina Leafy

Version:
90.70.102.18

MD5:
1023d60bf9b7a24dfc638e841694d346

SHA-1:
ddcb9aef6d680fe653827cbe8629aa1482d43670

SHA-256:
2638bd900b3c7afb08f000b64f8e8e7c1e021dbb00029ecd3b84e3a9cbba247a

Scanner detections:
18 / 68

Status:
Malware

Analysis date:
11/27/2024 6:36:37 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Trojan/Win32.PornoAsset | 2011.07.14 |
| Avira AntiVirus | TR/Ransom.PornoAsset.ajb | 7.11.11.130 |
| avast! | Win32:Malware-gen | 2014.9-160408 |
| Bitdefender | Trojan.Generic.KDV.286352 | 1.0.20.495 |
| Comodo Security | Heur.Suspicious | 9372 |
| Dr.Web | Trojan.Winlock.3300 | 9.0.1.099 |
| Emsisoft Anti-Malware | Trojan-Ransom.Win32.PornoAsset!IK | 8.16.04.08.06 |
| ESET NOD32 | Win32/LockScreen.AGD | 10.6292 |
| F-Prot | W32/Agent.P.gen | v6.4.6.2.117 |
| F-Secure | Trojan.Generic.KDV.286352 | 11.2016-08-04_6 |
| G Data | Trojan.Generic.KDV.286352 | 16.4.22 |
| IKARUS anti.virus | Trojan-Ransom.Win32.PornoAsset | t3scan.1.1.104.0 |
| K7 AntiVirus | Riskware | 13.108.4901 |
| Kaspersky | Trojan-Ransom.Win32.PornoAsset | 14.0.0.391 |
| Panda Antivirus | Trj/CI.A | 16.04.08.06 |
| Rising Antivirus | Suspicious | 23.00.65.16406 |
| Sophos | Mal/Generic-L | 4.67 |
| VIPRE Antivirus | Trojan.Win32.Generic | 9855 |

File size:
34 KB (34,816 bytes)

Product version:
90.70.102.18

Copyright:
Copyright © Light Lathe 2004-2007

Original file name:
Reno.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\xxx_video.exe

File PE Metadata
Compilation timestamp:
12/10/2006 2:36:11 PM

OS version:
9.3

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.3

CTPH (ssdeep):
768:zTBOFG5GnaKuehZsB+NUNYm1QM3bjr46NVZtSraZa:zVOvaisYUl6Wjr4o+rma

Entry address:
0x33460

Entry point:
60, BE, 00, C0, 42, 00, 8D, BE, 00, 50, FD, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
32 KB (32,768 bytes)

The file xxx_video.exe has been seen being distributed by the following URL.
