LOAD[1].EXE, Prevx

Associated Malware Groups

The filename is associated with the malware groups:

System Back Door
Cloaked Malware
Malware Dropper
P2P Share Worm
Malicious Software

File Behavior

LOAD[1].EXE has been seen to perform the following behavior:

Executes Processes stored in Temporary Folders
This process creates other processes on disk
Writes to another Process's Virtual Memory (Process Hijacking)
Can communicate with other computer systems using HTTP protocols
Hooks the WININET.DLL function allowing it to read or copy Http and Https web page content and session information
Executes a Process
Installs a browser helper object (BHO)
Injects code into other processes
Creates new folders on the system
This Process Deletes Other Processes From Disk
Creates a new Background Service on the machine
Changes the Windows Security Center to stop Antivirus status alerts from being displayed
Changes the Windows Security Center to stop Firewall status alerts from being displayed
Changes the Windows Security Center to stop Firewall override alerts from being displayed
Changes the Windows Security Center to stop warnings from being displayed if automatic Windows Updates are not enabled
Registers a Dynamic Link Library File
The Process is packed and/or encrypted using a software packing process
Modifies System Runtime Policies to limit system usability
Copies files
Found on infected systems and resists interrogation by security products
Uses rootkit techniques to conceal its presence, interrogation or removal
Uses low level functions to hide itself from the user and from system/security processes

LOAD[1].EXE has been the subject of the following behavior:

Created as a process on disk
Executed as a Process
Deleted as a process from disk
Has code inserted into its Virtual Memory space by other programs
Terminated as a Process
Registered as a Dynamic Link Library File
Copied to multiple locations on the system
Added as a Registry auto start to load Program on Boot up
Executed from Temporary Folders
Added as a Link in the Start Menu
Deleted as a Link in the Start Menu

Country Of Origin

The filename LOAD[1].EXE was first seen on Oct 26 2007 in the following geographical regions of the Webroot community:

Spain on Oct 26 2007
Germany on Mar 12 2008
Sweden on Sep 15 2008
Europe on Sep 27 2009
Malaysia on Sep 27 2009
Romania on Dec 5 2009
Russian Federation on Dec 5 2009
The United Kingdom on Apr 21 2010
The United States on Aug 9 2010
Netherlands on Aug 9 2010
Turkey on May 16 2012

File Name Aliases

LOAD[1].EXE can also use the following file names:

FILE.EXE
LOADCA075C3L.EXE
LOADCA3M5GXS.EXE
LOADCA3YP1K4.EXE
LOADCA67X0IM.EXE
LOADCA7MTX6W.EXE
LOADCAB10ZI8.EXE
LOADCABLLZZE.EXE
LOADCACPV1C5.EXE
LOADCAGJDEG4.EXE
LOADCAHU8BDX.EXE
LOADCAJKG04J.EXE
LOADCAJOT570.EXE
LOADCAKMD3KC.EXE
LOADCANOCSOS.EXE
LOADCANYX0BD.EXE
LOADCAOP9CH9.EXE
LOADCAQHBN5U.EXE
LOADCAR741ST.EXE
LOADCARMJ1A0.EXE
LOADCARR8YA3.EXE
LOADCAWKBUQ3.EXE
LOADCAXI7817.EXE
LOADCAY6YQ1K.EXE
LOAD[nn].EXE
LOADCA0P3WOS.EXE
LOADCA38750J.EXE
LOADCA6F7IDB.EXE
LOADCA6WM8C0.EXE
LOADCA8K9MK2.EXE
LOADCA9VP1KD.EXE
LOADCAA1L253.EXE
LOADCADR83O0.EXE
LOADCAEHUQU4.EXE
LOADCAEICDUX.EXE
LOADCAF5HO3W.EXE
LOADCAGBXNFE.EXE
LOADCAGWNO7R.EXE
LOADCAHMKXG6.EXE
LOADCAK4HPL1.EXE
LOADCAKHJI83.EXE
LOADCAKO4FI4.EXE
LOADCALD68YX.EXE
LOADCAOAR123.EXE
LOADCAPFY0E5.EXE
LOADCAVK7LCI.EXE
LOADCAWKD94U.EXE
LOADCAZG188D.EXE
LOADCA0P6S3E.EXE
LOADCA16KTUP.EXE
LOADCA3XDGJY.EXE
LOADCA7XTH7T.EXE
LOADCA85NA81.EXE
LOADCA901V1L.EXE
LOADCAB7H9PA.EXE
LOADCACVW762.EXE
LOADCADZAUU4.EXE
LOADCAJJSKCB.EXE
LOADCAK1P1CT.EXE
LOADCALO3YFS.EXE
LOADCALUT423.EXE
LOADCAMSZDRF.EXE
LOADCAPKYS9Y.EXE
LOADCAQ6N8F9.EXE
LOADCASC87X1.EXE
LOADCASLVH9X.EXE
LOADCASVJBWR.EXE
LOADCAV81I44.EXE
LOADCAVRMNJZ.EXE
LOADCAXSRVM0.EXE
LOADCAXV1T5S.EXE
LOADCA0GNGLO.EXE
LOADCA6MW0JY.EXE
LOADCAAB5FSZ.EXE
LOADCAAJN8QW.EXE
LOADCABVI09Z.EXE
LOADCACXQGO6.EXE
LOADCAEF1IEJ.EXE
LOADCAF8TB9J.EXE
LOADCAFPQB50.EXE
LOADCAG3HH73.EXE
LOADCAJ0249O.EXE
LOADCAL2YCKX.EXE
LOADCAMPBGDD.EXE
LOADCARBH7BY.EXE
LOADCASXS5L9.EXE
LOADCAUAMK1J.EXE
LOADCAVN6V49.EXE
LOADCAVSNAIX.EXE
LOADCAW0RTEO.EXE
LOADCAX21PB7.EXE
LOADCAXBZTCT.EXE
LOADCAZS32CR.EXE
PDFUPD.EXE
SISZYD32.EXE
SVCHOST.EXE
FILE_2.EXE
FFDCAHL.EXE
LOAD[2].EXE
AUTOEXEC.EXE
LSASS.EXE
UPDATE4303[1].EXE
UPDATES.EXE
LOAD.EXE
LOAD.EXE[1].EXE
N.EXN
E.EXE
1AF730E.EXE
447.EXE
957123844.EXE
957123845.EXE
BIN
67428.EXE
16909983.EXE
39590629.DAT
53992615.DAT

Filesizes

The following file size has been seen:

23,040 bytes
19,968 bytes
20,992 bytes
52,736 bytes
147,456 bytes
16,896 bytes
79,360 bytes
39,424 bytes

File Type

The filename LOAD[1].EXE refers to many versions of an executable program.

Help the Webroot Community to fight cyber crime

We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.

The filename referred to in this report is often associated with PC infections. If you have a program of this name on your PC and would like to help our research please tell us what you know in the form below:

I have this file on my PC and believe it is an infection
I have this file on my PC and think it has made my PC slower
My firewall asked if I wanted to let this file have access to the Internet
My PC will not work since I noticed this file on it
My antivirus detected this file but won't remove it
I know what this file is and believe it is a Safe program
I am the author of this file and would like to discuss how to have it reclassified as safe

Further Comments or information you'd like to share: (optional)

Your email address if you would like us to contact you about this file and any concerns you may have: (optional)

PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.

LOAD[1].EXE