zuhr9213yg5r42378915r213.exe

IcoFX

IcoFX Software

The executable zuhr9213yg5r42378915r213.exe, “IcoFX - The Professional Icon Editor” has been detected as malware by 5 anti-virus scanners. The file has been seen being downloaded from www24.zippyshare.com.
Publisher:
IcoFX Software

Product:
IcoFX

Description:
IcoFX - The Professional Icon Editor

Version:
2.12.1.0

MD5:
cbca921f4d974f191b6d101f62f4b92e

SHA-1:
369f301fcc5079fc50a9e8af5d831a790b2a9fc0

SHA-256:
b6553265cb96cab268a7cbf5c98eb48f88ab3c687e2fdbcbcd39989f6659d43e

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/25/2024 9:49:17 PM UTC

Scan engine          Detection                            Engine version
AhnLab V3 Security   Trojan/Win32.Genome                  2016.05.15
avast!               Win32:Malware-gen                    2014.9-160517
Kaspersky            UDS:DangerousObject.Multi.Generic    14.0.0.200
McAfee               Dropper-FQR!CBCA921F4D97             5600.6397
Qihoo 360 Security   QVM03.0.Malware.Gen                  1.0.0.1120

File size:
812.2 KB (831,704 bytes)

Product version:
2.12.1

Copyright:
Copyright (C) 2005 - 2015 IcoFX Software

Trademarks:
IcoFX

Original file name:
IcoFX2.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\nbiuge3t7923g593i2u5325\zuhr9213yg5r42378915r213.exe

File PE Metadata
Compilation timestamp:
5/14/2016 8:16:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:n6alsQc2BVKjwbb69pu9odQ3zR0yyeAB1BitvVtcPNYPnOzfkDkOmzBkWPaoDkhZ:6CrwHK6Q3znyh1BmHANYPnOgIOk

Entry address:
0x635BA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 0B, 52, 02, 80, 10, 00, 00, 00, D9, 52, 02, 80, 18, 00, 00, 00, 9D, 56, 02, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00...

Entropy:
4.8479

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
389.5 KB (398,848 bytes)

The file zuhr9213yg5r42378915r213.exe has been seen being distributed by the following URL.

Remove zuhr9213yg5r42378915r213.exe - Powered by Reason Core Security