home

a bootable usb.exe

A bootable USB

This is a setup program which is used to install the application. The file has been seen being downloaded from xmt0yw.bay.livefilestore.com and multiple other hosts.
Product:
A bootable USB

Version:
0, 9, 0, 4

MD5:
a6effc940e1cb5ecfa46b480d25a1fc8

SHA-1:
0ad975b35b473323541bfeef3c6cd05b756882d0

SHA-256:
67af7752c7cc8c824bebe69e10fc0c4f46db2c79cb79f5e247fb4f3afc2260ba

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/27/2024 6:09:51 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Packed/PECompact
7.1.1

File size:
1018.9 KB (1,043,306 bytes)

Product version:
0. 9. 0. 4

Copyright:
Copyright (c) 2009 Aris (feraris20@hotmail.com)

Original file name:
ABUSB.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\a bootable usb\a bootable usb.exe

File PE Metadata
Compilation timestamp:
12/24/2008 10:00:07 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:JTL86M47aelGQJ24H+UDbIyNKfpH6TVRF3qyMJTrzfWApO9Pe2:JnlMAaS24HRDbI6K5OMRH1pO9Pe2

Entry address:
0x17770

Entry point:
B8, FC, 5D, 4B, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, DF, 94, 9D, 8E, 31, 67, D2, 6C, 21, 5C, 7C, A8, 58, E0, 4F, B3, 9C, 49, 78, F8, 01, 47, 99, 7B, 1A, 7C, C9, 01, 9A, 10, F4, 78, 93, FB, B9, 3C, 59, EF, EB, F4, F1, 2E, C5, BE, 15, 51, F6, F1, AF, 96, 67, D2, C6, 2B, 3C, BD, 73, 8D, 80, 2F, E9, 7C, 3B, AB, 5E, 78, 8A, A4, 41, AB, AB, 3A, 35, 15, 45, BD, 73, DB, DA, CD, 98, D3, 47, 5A, FC, 05, A8, 32, F7, 6F, 5B, 07, 00...
 
[+]

Packer / compiler:
PECompact v2

Code size:
495.5 KB (507,392 bytes)

The file a bootable usb.exe has been seen being distributed by the following 3 URLs.

https://xmt0yw.bay.livefilestore.com/.../USB_old.exe

http://www.cdrinfo.pl/.../USB.exe&id=9193090644&baza=soft

http://szkielkoioko.xsk.pl/home/playersc/domains/szkielkoioko.xsk.pl/public_html/wp-content/uploads/2009/.../2009/.../USB.exe

Scan a bootable usb.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.