Trojan s.exe

ThreatExpert’s awareness of the file “s.exe”:

Across all ThreatExpert reports, the file “s.exe” was mostly identified as a threat.
File “s.exe” has the following statistics:
Total number of reports analysed 611,932
Number of cases that involved the file “s.exe” 101
Number of incidents when this file was found to be a threat 62
Statistical volume of cases when “s.exe” was a threat 61%
Notes:

  • Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
  • In order to check a file, please submit it to ThreatExpert.
  • For a comprehensive pro-active protection against threats, please consider ThreatFire – our behavioral antivirus solution.
The file “s.exe” is known to be created under the following filenames:
%AllUsersProfile%\cncdown.exe
%AppData%\1.exe
%AppData%\blaah.exe
%AppData%\calc.exe
%AppData%\codecsetup.exe
%AppData%\codecsetup3788.exe
%AppData%\codecsetup4127.exe
%AppData%\codecsetup6400.exe
%AppData%\codecsetup8536.exe
%AppData%\cp_setup_assist.exe
%AppData%\cuda.exe
%AppData%\dealassistant\dauninstall.exe
%AppData%\digifast\dfuninstall.exe
%AppData%\hose.exe
%AppData%\ijango_toolbar_installer.exe
%AppData%\ldr.exe
%AppData%\microsoft\dtsc\t.exe
%AppData%\microsoft\office71\vhchk.exe
%AppData%\microsoft\windows\ernsjyi.exe
%AppData%\microsoft\windows\jjcmdrj.exe
%AppData%\microsoft\windows\nheste.exe
%AppData%\microsoft\windows\nxmwp.exe
%AppData%\microsoft\windows\rwmgh.exe
%AppData%\microsoft\windows\security\user0.exe
%AppData%\microsoft\windows\tbljxjk.exe
%AppData%\microsoft\windows\vohth.exe
%AppData%\microsoft\windows\vvpmyvaw.exe
%AppData%\mxplay\temp\mxplay_installer.exe
%AppData%\ntcom.dll
%AppData%\nthead.dll
%AppData%\pak-5593.exe
%AppData%\pak-5594.exe
%AppData%\pak-5595.exe
%AppData%\pak-5596.exe
%AppData%\pak-5597.exe
%AppData%\pak-5598.exe
%AppData%\pak-5599.exe
%AppData%\pak-5600.exe
%AppData%\pak-5601.exe
%AppData%\pak-5602.exe
%AppData%\pak-5603.exe
%AppData%\salehoo\auctionalert\_tmp\aa.exe
%AppData%\salehoo\salehooalert\_tmp\aa.exe
%AppData%\scvhost.exe
%AppData%\silverlight\silverlight.exe
%AppData%\skynet\muonline\_cw0srv.exe
%AppData%\skynet\muonline\234672.exe
%AppData%\skynet\muonline\239874.exe
%AppData%\skynet\muonline\293874.exe
%AppData%\skynet\muonline\345674.exe
%AppData%\skynet\muonline\345676.exe
%AppData%\skynet\muonline\435627.exe
%AppData%\skynet\muonline\543978.exe
%AppData%\skynet\muonline\546783.exe
%AppData%\speedrunner\sruninstall.exe
%AppData%\system 32\system.exe
%AppData%\temp.dll
%AppData%\truesword4.exe
%AppData%\wefisetup.exe
%AppData%\winbutler\winbuninstaller.exe
%AppData%\winbutler\winbutler.exe
%AppData%\windows.exe
%AppData%\wintouch\wintouch.exe
%AppData%\wintouch\wtuninstaller.exe
%AppData%\wrar380d.exe
%AppData%\yeah\yeah374809.exe
%CommonAppData%\38001914.exe
%CommonAppData%\3810eef8.exe
%CommonAppData%\381751d0.exe
%CommonAppData%\388f0900.exe
%CommonAppData%\38d3ff69.exe
%CommonAppData%\aol downloads\aoltoolbar\setuptoolbar.exe
%CommonAppData%\av1\av1.exe
%CommonAppData%\av1\av1i.exe
%CommonAppData%\av1\av1i2.exe
%CommonAppData%\av1\av1two.exe
%CommonAppData%\av1\qwprotect.dll
%CommonAppData%\av1\svchost.exe
%CommonAppData%\av2010\av2010.exe
%CommonAppData%\av2010\iedefender.dll
%CommonAppData%\av2010\svchost.exe
%CommonAppData%\dyned\eng_loc.exe
%CommonAppData%\e4a12b7\extraav.exe
%CommonAppData%\e4a12b7\ua2009.exe
%CommonAppData%\e4a12b7\valarm.exe
%CommonAppData%\e4a12b7\vmelt.exe
%CommonAppData%\e4a12b7\vsweep.exe
%CommonAppData%\fetion\fetionupdate.exe
%CommonAppData%\gav\sgav.exe
%CommonAppData%\n1\n1.exe
%CommonAppData%\n1\n1i.exe
%CommonAppData%\n1\n1two.exe
%CommonAppData%\n1\qwprotect.dll
%CommonAppData%\n1\svchost.exe
%CommonAppData%\nexon\ngm\ngmdll.dll
%CommonAppData%\qw2010\qw2010.exe
%CommonAppData%\qw2010\qw2010i.exe
%CommonAppData%\qw2010\qw2010i2.exe
%CommonAppData%\qw2010\qwprotect.dll
%CommonAppData%\qw2010\svchost.exe
Notes:

  • %AllUsersProfile% is a variable that specifies the all users’ profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
The file “s.exe” has the following possible countries of origin:
Origin Number of Incidents
China 22
Spain 1
The following threats are known to be associated with the file “s.exe”:
Threat Alias Number of Incidents
Trojan Horse [Symantec] 34
Mal/Generic-A [Sophos] 33
Trojan:Win32/Jhee.V [Microsoft] 23
Trojan.Win32.Runner.x [Kaspersky Lab] 20
Generic PUP.x!ce [McAfee] 16
not-a-virus:AdWare.Win32.Zhongsou.ce [Kaspersky Lab] 16
Generic.dx [McAfee] 14
not-a-virus:NetTool.Win32.TCPScan.a [Kaspersky Lab] 12
Trojan-Downloader.4293 [Ikarus] 12
Tool:Win32/Tcpportscan.C [Microsoft] 10
Trojan:Win32/Comronki!rts [Microsoft] 10
Win-Trojan/Downloader.4128.T [AhnLab] 10
Generic.dx!iwc [McAfee] 9
not-a-virus:AdWare.Win32.Zhongsou.cb [Kaspersky Lab] 9
Hacktool [Symantec] 8
Worm.Dasher.B [PC Tools] 8
Trojan.Generic [PC Tools] 6
Trojan.Win32.Jhee [Ikarus] 6
HackTool.HideWindows [PC Tools] 5
Trojan.Runner!sd6 [PC Tools] 5
Trojan.Win32.Small.lb [Ikarus] 5
Backdoor.Win32.Poison [Ikarus] 4
Mal/Behav-328, Mal/Behav-009 [Sophos] 4
not-a-virus:AdWare.Win32.Zhongsou.cm [Kaspersky Lab] 4
TROJ_JHEE.BU [Trend Micro] 4
Win-Trojan/Buzus.219648.J [AhnLab] 4
Win-Trojan/Poison.69632.X [AhnLab] 4
Adware.WSearch.O [PC Tools] 2
Adware-BDSearch [McAfee] 2
BackDoor-CEP.gen.g [McAfee] 2
Generic.dx!db [McAfee] 2
Mal/Behav-024 [Sophos] 2
New Malware.aq [McAfee] 2
not-a-virus:AdWare.Win32.Zhongsou.cp [Kaspersky Lab] 2
Packed.Win32.Klone [Ikarus] 2
Spy-Agent.bv.gen [McAfee] 2
Spyware.Ardakey [PC Tools] 2
Spyware.Ardakey [Symantec] 2
Spyware.MSNSpyMonitor [Symantec] 2
TROJ_SPAMTOOL.AN [Trend Micro] 2
Trojan.Pandex [Symantec] 2
VirTool:Win32/Injector.gen!AG [Microsoft] 2
VirTool:Win32/Vbinder.gen!G [Microsoft] 2
W32.SillyDC [Symantec] 2
W32.SillyFDC [Symantec] 2
W32/USBCasv [McAfee] 2
Win-Trojan/Midgare.32256 [AhnLab] 2
Win-Trojan/Xema.variant [AhnLab] 2
Worm:Win32/Taterf.B [Microsoft] 2
WORM_VB.CVL [Trend Micro] 2
Backdoor.Bifrose [Symantec] 1
Backdoor.Poison [Ikarus] 1
Backdoor.Sdbot!sd6 [PC Tools] 1
Backdoor.Trojan [Symantec] 1
Backdoor.Win32.Bifrose.fpb [Kaspersky Lab] 1
Backdoor.Win32.Bifrose.kt [Kaspersky Lab] 1
Backdoor.Win32.Hupigon.dkl [Kaspersky Lab] 1
Backdoor.Win32.Hupigon.eoga [Kaspersky Lab] 1
Backdoor.Win32.Poison.ahf [Kaspersky Lab] 1
Backdoor.Win32.SdBot [Ikarus] 1
Backdoor.Win32.SdBot.kzk [Kaspersky Lab] 1
Backdoor.Win32.SdBot.lcm [Kaspersky Lab] 1
Backdoor-CEP.gen.q [McAfee] 1
BackDoor-DKI [McAfee] 1
BKDR_AHZE.NY [Trend Micro] 1
BKDR_AHZE.SMM [Trend Micro] 1
BKDR_BIFROSE.DZZ [Trend Micro] 1
Dropper/Stabs.48541 [AhnLab] 1
Infostealer [Symantec] 1
Mal/Behav-789 [Sophos] 1
Mal/Bifrose-X, Mal/Behav-352, Mal/Midgar-A, Mal/EncPk-FH [Sophos] 1
Mal/Emogen-P [Sophos] 1
Mal/EncPk-FH [Sophos] 1
Mal/EncPk-FL [Sophos] 1
Mal/Frethog-B [Sophos] 1
Mal/Taterf-B, Mal/EncPk-JS, Mal/Frethog-B [Sophos] 1
Malware.Gammima [PC Tools] 1
not-a-virus:AdWare.Win32.Zhongsou.cf [Kaspersky Lab] 1
not-a-virus:AdWare.Win32.Zhongsou.cq [Kaspersky Lab] 1
not-a-virus:RiskTool.Win32.Shutdown.c [Kaspersky Lab] 1
Packed/NSPack [PC Tools] 1
Packed/Upack [PC Tools] 1
PWS-Gamania.gen.o [McAfee] 1
Troj/Bifrose-XE [Sophos] 1
Troj/SmlDla-Fam [Sophos] 1
Trojan.DL.CKSPost.Gen [PC Tools] 1
Trojan.DR.Pandex.Gen.4 [PC Tools] 1
Trojan.Dropper [PC Tools] 1
Trojan.Dropper [Symantec] 1
Trojan.Midgare [Ikarus] 1
Trojan.Win32.Agent.cxqx [Kaspersky Lab] 1
Trojan.Win32.Agent.czcm [Kaspersky Lab] 1
Trojan.Win32.Midgare [Ikarus] 1
Trojan.Win32.Midgare.adxb [Kaspersky Lab] 1
Trojan-Downloader.Agent [PC Tools] 1
Trojan-Downloader.Win32.Agent.lbf [Kaspersky Lab] 1
Trojan-Downloader.Win32.Frethog [Ikarus] 1
TrojanDownloader:Win32/Agent [Microsoft] 1
Trojan-Dropper.VB!sd6 [PC Tools] 1
Trojan-Dropper.VB.epu [PC Tools]

Nguồn http://www.threatexpert.com/files/s.exe.html

Gửi phản hồi

Mời bạn điền thông tin vào ô dưới đây hoặc kích vào một biểu tượng để đăng nhập:

WordPress.com Logo

Bạn đang bình luận bằng tài khoản WordPress.com Log Out / Thay đổi )

Twitter picture

Bạn đang bình luận bằng tài khoản Twitter Log Out / Thay đổi )

Facebook photo

Bạn đang bình luận bằng tài khoản Facebook Log Out / Thay đổi )

Google+ photo

Bạn đang bình luận bằng tài khoản Google+ Log Out / Thay đổi )

Connecting to %s

%d bloggers like this: