{0e823de9-a552-420d-a1de-96a3388f7c36}

The file {0e823de9-a552-420d-a1de-96a3388f7c36} has been detected as malware by 36 anti-virus scanners. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, and to steal sensitive information. The file has been seen being downloaded from s1.directxex.com.
MD5:
cfad7cf85ea74ebe39626e81bafd78d2

SHA-1:
74981697e5ecb6870c8c60de2cd87a5c4974f2c9

SHA-256:
6c300ba1f5c29f2009d087382a378e18113435b4c7e551db5edfa52eabbd7128

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
11/30/2024 3:34:04 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Zusy.Elzob.13803 | 856 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Jorik | 2014.07.17 |
| Avira AntiVirus | BDS/Bladabindi.bcgj | 7.11.161.52 |
| avast! | MSIL:GenMalicious-V [Trj] | 2014.9-141002 |
| AVG | PSW.ILUSpy | 2015.0.3334 |
| Baidu Antivirus | Trojan.MSIL.Bladabindi | 4.0.3.14102 |
| Bitdefender | Gen:Variant.Zusy.Elzob.13803 | 1.0.20.1375 |
| Comodo Security | TrojWare.MSIL.Bladabindi.KX | 18868 |
| Dr.Web | Trojan.DownLoader10.45391 | 9.0.1.0275 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.Elzob.13803 | 8.14.10.02.03 |
| ESET NOD32 | MSIL/Bladabindi (variant) | 8.10106 |
| Fortinet FortiGate | W32/Generic!tr | 10/2/2014 |
| F-Prot | W32/MSIL_Bladabindi.J.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Zusy.Elzob.13803 | 11.2014-02-10_5 |
| G Data | Gen:Variant.Zusy.Elzob.13803 | 14.10.24 |
| IKARUS anti.virus | Trojan.Msil | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12747 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3164 |
| Malwarebytes | Trojan.MSIL | v2014.10.02.03 |
| McAfee | BackDoor-FBIB!CFAD7CF85EA7 | 5600.6990 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.10802 |
| MicroWorld eScan | Gen:Variant.Zusy.Elzob.13803 | 15.0.0.825 |
| NANO AntiVirus | Trojan.Win32.DownLoader10.dbxzfj | 0.28.2.60881 |
| Norman | MSIL.BZ | 11.20141002 |
| Panda Antivirus | Generic Malware | 14.10.02.03 |
| Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Backdoor.Bot!1.6675 | 23.00.65.14930 |
| Sophos | Mal/Bbindi-C | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Barys | 10325 |
| Total Defense | Win32/Bladabindi.LdcGRLB | 37.0.11062 |
| Trend Micro House Call | Suspicious_GEN.F47V0610 | 7.2.275 |
| Trend Micro | BKDR_BLADABI.SMC | 10.465.02 |
| Vba32 AntiVirus | Trojan.MSIL.Agent | 3.12.26.3 |
| VIPRE Antivirus | Trojan.MSIL.Bladabindi.agxy | 31326 |
| ViRobot | Trojan.Win32.S.Jorik.80384.AC | 2011.4.7.4223 |

File size:
78.5 KB (80,384 bytes)

File PE Metadata
Compilation timestamp:
6/11/2014 1:41:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:H74w0psKhG29jGDL02ATJ53IIUl9GCRa673:swsLA29q02ewBxRa6D

Entry address:
0x8B0E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
27 KB (27,648 bytes)

The file {0e823de9-a552-420d-a1de-96a3388f7c36} has been seen being distributed by the following URL.