abb1213.tmp

The file abb1213.tmp has been detected as malware by 28 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup. While running, it connects to the Internet address web.alganet.fr on port 80 using the HTTP protocol.
MD5:
533cb6eaefdbf6e87f8f1c32e702ce89

SHA-1:
2cc7b0d285fea1bfefb682015f0f376586d0038a

SHA-256:
b0a6b5e5af599a8aeb2cef32393939cc2e8e83731509c903e076110a417635c9

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
11/23/2024 6:46:27 AM UTC

Scan engine                    Detection                           Engine version
Lavasoft Ad-Aware              Trojan.Generic.11197694             840
AhnLab V3 Security             Spyware/Win32.Zbot                  14.10.18
Avira AntiVirus                TR/ATRAPS.Gen                       7.11.143.202
avast!                         Win32:Kryptik-NRD [Trj]             2014.9-141018
AVG                            Downloader.Generic13                2015.0.3318
Baidu Antivirus                Trojan.Win32.Wigon                  4.0.3.141018
Bitdefender                    Trojan.Generic.11197694             1.0.20.1455
Bkav FE                        HW32.Laneul                         1.3.0.4959
Dr.Web                         BackDoor.Bulknet.1150               9.0.1.0291
Emsisoft Anti-Malware          Trojan.Generic.11197694             8.14.10.18.12
ESET NOD32                     Win32/Wigon.PH                      8.9684
Fortinet FortiGate             W32/Wigon.PH!tr                     10/18/2014
F-Secure                       Trojan.Generic.11197694             11.2014-18-10_7
G Data                         Trojan.Generic.11197694             14.10.24
IKARUS anti.virus              Trojan-Downloader.Win32.Cutwail     t3scan.1.6.1.0
K7 AntiVirus                   Riskware                            13.176.11777
Kaspersky                      Trojan.Win32.Agentb                 14.0.0.3085
Malwarebytes                   Spyware.Password                    v2014.10.18.12
McAfee                         Artemis!533CB6EAEFDB                5600.6974
Microsoft Security Essentials  TrojanDownloader:Win32/Cutwail.BS   1.10501
MicroWorld eScan               Trojan.Generic.11197694             15.0.0.873
nProtect                       Trojan.Generic.11197694             14.04.16.01
Panda Antivirus                Generic Malware                     14.10.18.12
Qihoo 360 Security             HEUR/Malware.QVM20.Gen              1.0.0.1015
Sophos                         Mal/Generic-S                       4.98
Trend Micro House Call         TROJ_GEN.R0CBC0DDE14                7.2.291
Trend Micro                    TROJ_GEN.R0CBC0DDE14                10.465.18
VIPRE Antivirus                Trojan.Win32.Generic                28282

File size:
61.5 KB (62,976 bytes)

Common path:
C:\users\{user}\appdata\local\temp\abb1213.tmp

File PE Metadata
Compilation timestamp:
4/11/2014 4:23:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
768:Ls++3kdbXvTb61IUVMlwrnM9XZUc/XYa0r6tjOt78+Lb6H0+FHnDajQKb2GGOHh:Ls++STISlqnM9J5Xw6xH06HHu0dGX

Entry address:
0x1014

Entry point:
6A, 00, E8, 11, 02, 00, 00, A3, 30, 40, 40, 00, 6A, 00, 6A, 00, 68, 55, 40, 40, 00, 83, 04, 24, 07, B8, 38, 12, 40, 00, FF, D0, 50, 68, 76, 40, 40, 00, BF, 2C, 12, 40, 00, FF, D7, A3, 3C, 40, 40, 00, 68, 26, 06, 00, 00, 81, 2C, 24, 18, 06, 00, 00, 68, 97, 50, 40, 00, 81, 04, 24, 21, 00, 00, 00, FF, 35, 3C, 40, 40, 00, 8D, 3D, C7, 50, 40, 00, FF, D7, 5B, A3, 38, 40, 40, 00, FF, 35, FB, 40, 40, 00, 8F, 05, 38, 40, 40, 00, C7, 05, 34, 40, 40, 00, 20, 12, 40, 00, 8D, 3D, 04, 40, 40, 00, B9, 18, 00, 00, 00, 33...

Packer / compiler:
TASM / MASM

Code size:
1024 Bytes (1,024 bytes)

The executing file has been seen to make the following network communications in live environments.


Remove abb1213.tmp - Powered by Reason Core Security