abb1213.tmp

The file abb1213.tmp has been detected as malware by 28 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup. While running, it connects to the Internet address web.alganet.fr on port 80 using the HTTP protocol.
MD5:
533cb6eaefdbf6e87f8f1c32e702ce89

SHA-1:
2cc7b0d285fea1bfefb682015f0f376586d0038a

SHA-256:
b0a6b5e5af599a8aeb2cef32393939cc2e8e83731509c903e076110a417635c9

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
12/24/2024 1:59:30 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.11197694
840

AhnLab V3 Security
Spyware/Win32.Zbot
14.10.18

Avira AntiVirus
TR/ATRAPS.Gen
7.11.143.202

avast!
Win32:Kryptik-NRD [Trj]
2014.9-141018

AVG
Downloader.Generic13
2015.0.3318

Baidu Antivirus
Trojan.Win32.Wigon
4.0.3.141018

Bitdefender
Trojan.Generic.11197694
1.0.20.1455

Bkav FE
HW32.Laneul
1.3.0.4959

Dr.Web
BackDoor.Bulknet.1150
9.0.1.0291

Emsisoft Anti-Malware
Trojan.Generic.11197694
8.14.10.18.12

ESET NOD32
Win32/Wigon.PH
8.9684

Fortinet FortiGate
W32/Wigon.PH!tr
10/18/2014

F-Secure
Trojan.Generic.11197694
11.2014-18-10_7

G Data
Trojan.Generic.11197694
14.10.24

IKARUS anti.virus
Trojan-Downloader.Win32.Cutwail
t3scan.1.6.1.0

K7 AntiVirus
Riskware
13.176.11777

Kaspersky
Trojan.Win32.Agentb
14.0.0.3085

Malwarebytes
Spyware.Password
v2014.10.18.12

McAfee
Artemis!533CB6EAEFDB
5600.6974

Microsoft Security Essentials
TrojanDownloader:Win32/Cutwail.BS
1.10501

MicroWorld eScan
Trojan.Generic.11197694
15.0.0.873

nProtect
Trojan.Generic.11197694
14.04.16.01

Panda Antivirus
Generic Malware
14.10.18.12

Qihoo 360 Security
HEUR/Malware.QVM20.Gen
1.0.0.1015

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_GEN.R0CBC0DDE14
7.2.291

Trend Micro
TROJ_GEN.R0CBC0DDE14
10.465.18

VIPRE Antivirus
Trojan.Win32.Generic
28282

File size:
61.5 KB (62,976 bytes)

Common path:
C:\users\{user}\appdata\local\temp\abb1213.tmp

File PE Metadata
Compilation timestamp:
4/11/2014 4:23:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
768:Ls++3kdbXvTb61IUVMlwrnM9XZUc/XYa0r6tjOt78+Lb6H0+FHnDajQKb2GGOHh:Ls++STISlqnM9J5Xw6xH06HHu0dGX

Entry address:
0x1014

Entry point:
6A, 00, E8, 11, 02, 00, 00, A3, 30, 40, 40, 00, 6A, 00, 6A, 00, 68, 55, 40, 40, 00, 83, 04, 24, 07, B8, 38, 12, 40, 00, FF, D0, 50, 68, 76, 40, 40, 00, BF, 2C, 12, 40, 00, FF, D7, A3, 3C, 40, 40, 00, 68, 26, 06, 00, 00, 81, 2C, 24, 18, 06, 00, 00, 68, 97, 50, 40, 00, 81, 04, 24, 21, 00, 00, 00, FF, 35, 3C, 40, 40, 00, 8D, 3D, C7, 50, 40, 00, FF, D7, 5B, A3, 38, 40, 40, 00, FF, 35, FB, 40, 40, 00, 8F, 05, 38, 40, 40, 00, C7, 05, 34, 40, 40, 00, 20, 12, 40, 00, 8D, 3D, 04, 40, 40, 00, B9, 18, 00, 00, 00, 33...
 
[+]

Packer / compiler:
TASM / MASM

Code size:
1024 Bytes (1,024 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ns344497.ip-178-33-227.eu  (178.33.227.198:80)

TCP (HTTP):
Connects to 107.154.193.92.ip.incapdns.net  (107.154.193.92:80)

TCP (HTTP):
Connects to webserver.spider4web.it  (95.110.203.75:80)

TCP (HTTP):
Connects to srv30.gepcom.com  (208.66.193.80:80)

TCP (HTTP):
Connects to server88-208-252-9.fasthosts.net.uk  (88.208.252.9:80)

TCP (HTTP):
Connects to ns339617.ip-176-31-248.eu  (176.31.248.197:80)

TCP (HTTP):
Connects to ns.jeansmate.co.jp  (211.1.230.105:80)

TCP (HTTP):
Connects to no-ptr.easyvserver.com  (62.233.105.171:80)

TCP (HTTP):
Connects to nakedcumshots.com  (64.59.81.104:80)

TCP (HTTP):
Connects to mhintdin-unix.alicomitalia.it  (95.110.192.171:80)

TCP (HTTP):
Connects to ip-50-63-84-77.ip.secureserver.net  (50.63.84.77:80)

TCP (HTTP):
Connects to Infotechcg.com  (67.18.185.98:80)

TCP (HTTP):
Connects to h2306615.stratoserver.net  (85.214.37.62:80)

TCP (HTTP):
Connects to ec2-54-171-199-198.eu-west-1.compute.amazonaws.com  (54.171.199.198:80)

TCP (HTTP):
Connects to cluster003.ovh.net  (213.186.33.4:80)

TCP (HTTP):
Connects to anderson.cust.wessexnetworks.com  (109.74.242.174:80)

TCP (HTTP):
Connects to 207-150-203-38.aus.us.siteprotect.com  (207.150.203.38:80)

TCP (HTTP):
Connects to ec2-54-85-149-135.compute-1.amazonaws.com  (54.85.149.135:80)

TCP (HTTP):
Connects to yjh.hostposter.com  (69.65.11.200:80)

TCP (HTTP):
Connects to xvm-24-130.dc0.ghst.net  (92.243.24.130:80)

Remove abb1213.tmp - Powered by Reason Core Security