adobe online.com

The file adobe online.com has been detected as malware by 13 of 68 anti-virus scanners; several engines (ESET, F-Prot, Sophos) classify it as a variant of the Sality file-infecting virus. Despite the Adobe-sounding name, the .com extension makes it a directly executable Windows binary, and it is found in the per-user Startup folder, so it runs at every logon. While running, it connects to the Internet address double6.holm.ru on port 80 using the HTTP protocol.
MD5:
61ad96cf038b6bb34a51af9edea2eab1

SHA-1:
0276f65113369f0dedc2ac0ea45aa808e289e608

SHA-256:
7e8ad92fa8cfdb547520ca24630b0a476c6e21315e077fdb316ce2933ffb6e9d

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
11/6/2024 7:42:42 AM UTC

Scan engine                    Detection                  Engine version
avast!                         Win32:Kukacka              160327-1
AVG                            Win32/Vitru                2015.0.4355
Dr.Web                         Win32.Sector.30            9.0.1.05190
Emsisoft Anti-Malware          Worm.Generic.376207        11.5.0.6191
ESET NOD32                     Win32/Sality.NBA virus     8.0.319.0
F-Prot                         W32/Sality.E.gen           4.6.5.141
F-Secure                       Worm.Generic.376207        5.15.96
Kaspersky                      Worm.Win32.AutoRun         15.0.0.562
McAfee                         Virus.W32/Pitin.worm       18.0.204.0
Microsoft Security Essentials  Threat.Undefined           1.219.373.0
Norman                         Worm.Generic.376207        02.04.2016 17:35:19
Sophos                         Virus 'Mal/Sality-D'       5.23
VIPRE Antivirus                Threat.4721115             29708

File size:
3.8 MB (4,005,888 bytes)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\adobe online.com

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:b+FESWZAmnHp3QIenwNxN7GlVW2+1cPuJV0zLoc:YzWZZHpkn2DilV0uMV2o

Entry address:
0x110C

Entry point:
60, 88, E5, 0F, BD, D0, 0F, BA, FD, E8, F3, 4B, B1, 0F, F2, FF, CA, 8D, 3D, A1, 38, 42, 7C, 0F, AF, FD, 28, FF, 3D, 58, 86, 00, 00, 77, 07, 18, C2, 29, C1, C6, C5, 35, 3D, B8, E8, 00, 00, 0F, C9, C1, C0, F6, FE, CC, 0F, BD, E8, 48, 8A, C8, E8, 00, 00, 00, 00, 87, C6, 80, DE, 16, 0F, AF, FF, 0F, AD, DF, F6, C2, D5, 69, F3, 7C, C4, C7, 7C, B9, 82, 6F, B7, EE, 69, C1, 27, 0F, DC, B0, 6B, D2, 00, 0F, BF, F9, 33, D5, 0F, BE, CA, FE, C0, 81, FA, C3, ED, 00, 00, 78, 05, 2B, F9, 0F, AF, CB, 33, DA, 86, E1, 5A, F7...

Entropy:
1.7830

Code size:
24 KB (24,576 bytes)
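
The PE metadata fields above (entry address, the byte dump at the entry point, linker and OS version, subsystem, entropy) are all read straight out of the PE headers and file content. The following is an added example by the editor, not code from the Reason Core Security page: a small PE32 header walker that derives those fields, run against a constructed minimal PE32 image with a single .text section (not the sample itself). The constructed image places the first 16 entry-point bytes the page lists at RVA 0x110C, so the derived values line up with the page's.

```python
"""Re-derive the PE metadata fields the page reports from a PE32 image.

Added example (editor's code, not part of the Reason Core Security page).
The image parsed below is a constructed minimal PE32, not the malware sample;
only the 16 entry-point bytes and the header values are taken from the page.
"""
import math
import struct

PE32_MAGIC = 0x10B
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows CUI"}

# First 16 bytes of the page's "Entry point" field.
PAGE_ENTRY_BYTES = bytes.fromhex("6088E50FBDD00FBAFDE8F34BB10FF2FF")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe_metadata(pe: bytes, n_entry_bytes: int = 16) -> dict:
    """Walk MZ -> e_lfanew -> PE\\0\\0 -> COFF header -> optional header, then map
    AddressOfEntryPoint (an RVA) to a file offset through the section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    magic, = struct.unpack_from("<H", pe, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (Win32) images are handled here")
    linker_major, linker_minor = struct.unpack_from("<BB", pe, opt + 2)
    entry_rva, = struct.unpack_from("<I", pe, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", pe, opt + 40)
    subsystem, = struct.unpack_from("<H", pe, opt + 68)
    sections = opt + opt_size
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, sections + i * 40 + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)
            return {
                "entry_rva": entry_rva,
                "entry_file_offset": off,
                "entry_bytes": pe[off:off + n_entry_bytes],
                "linker_version": f"{linker_major}.{linker_minor}",
                "os_version": f"{os_major}.{os_minor}",
                "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
                "entropy": round(shannon_entropy(pe), 4),
            }
    raise ValueError("entry point RVA is not inside any section")


def build_test_pe() -> bytes:
    """Constructed minimal PE32: headers in the first 0x400 bytes, one .text
    section at RVA 0x1000 / file offset 0x400, entry point at RVA 0x110C."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, PE32_MAGIC, 6, 0)  # magic, linker 6.0
    struct.pack_into("<I", opt, 16, 0x110C)             # AddressOfEntryPoint
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)     # section / file alignment
    struct.pack_into("<HH", opt, 40, 4, 0)              # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    sect = b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x6000, 0x1000, 0x6000, 0x400) + b"\0" * 16
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x400, b"\0")
    text = bytearray(0x6000)
    text[0x10C:0x10C + len(PAGE_ENTRY_BYTES)] = PAGE_ENTRY_BYTES
    return bytes(headers + text)


def format_entry_bytes(raw: bytes) -> str:
    """Render bytes the way the page's Entry point field does: '60, 88, E5, ...'."""
    return ", ".join(f"{b:02X}" for b in raw)


if __name__ == "__main__":
    meta = parse_pe_metadata(build_test_pe())
    print(f"Entry address: 0x{meta['entry_rva']:X}")
    print("Entry point:", format_entry_bytes(meta["entry_bytes"]))
    print("Linker version:", meta["linker_version"], "OS version:", meta["os_version"])
    print("Subsystem:", meta["subsystem"], "Entropy:", meta["entropy"])
```

Run on a real file, replace build_test_pe() with the file's bytes; the entry RVA and the bytes at that offset are what a YARA or signature rule would key on. On the entropy figure: 1.78 bits per byte across a 3.8 MB file that carries only 24 KB of code points to large sparse or repetitive regions rather than a compressed or encrypted payload, which is worth knowing before assuming a packer.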

User Start Menu Item
Name:
Adobe Online.com


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to win05-host-kb.turkticaret.net  (31.186.8.105:80)

TCP (HTTP):
Connects to s70.linuxpl.com  (78.46.92.68:80)

TCP (HTTP):
Connects to s3.pdg.pl  (91.205.75.118:80)

TCP (HTTP):
Connects to apache2-bongo.bleckley.dreamhost.com  (208.113.169.240:80)

TCP (HTTP):
Connects to double6.holm.ru  (89.108.91.182:80)

TCP (HTTP):
Connects to double5.holm.ru  (89.108.91.180:80)
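
The indicators on this page (the three file hashes, the Startup-folder path and the six HTTP destinations) are what a responder would sweep an estate for. The following is an added example by the editor, not code from the Reason Core Security page: a triage helper that carries the page's indicators as constants and applies them to file content, to a file listing and to proxy log lines. The proxy log format, the log lines and the file listing are constructed test data and are labelled as such in the code.

```python
"""Triage helper built from the indicators this page lists for adobe online.com.

Added example (editor's code, not part of the Reason Core Security page). The
hashes, hostnames, IP addresses and Startup-folder path are the page's values;
the proxy log format, log lines and file listing below are constructed test data.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# File hashes from the page.
KNOWN_HASHES = {
    "md5": "61ad96cf038b6bb34a51af9edea2eab1",
    "sha1": "0276f65113369f0dedc2ac0ea45aa808e289e608",
    "sha256": "7e8ad92fa8cfdb547520ca24630b0a476c6e21315e077fdb316ce2933ffb6e9d",
}

# Network indicators from the page; every connection was plain HTTP on TCP/80.
C2_HOSTS = {
    "win05-host-kb.turkticaret.net", "s70.linuxpl.com", "s3.pdg.pl",
    "apache2-bongo.bleckley.dreamhost.com", "double6.holm.ru", "double5.holm.ru",
}
C2_IPS = {
    "31.186.8.105", "78.46.92.68", "91.205.75.118",
    "208.113.169.240", "89.108.91.182", "89.108.91.180",
}

# Persistence: the page's common path is the per-user Startup folder, so the
# pattern accepts any drive letter and any profile name in place of {user}.
STARTUP_PATH_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\microsoft\\windows\\"
    r"start menu\\programs\\startup\\adobe online\.com$",
    re.IGNORECASE,
)

# Constructed proxy log (not from the page). Field order assumed here:
# <timestamp> <client_ip> <dest_host> <dest_ip>:<port> <method> <url>
SAMPLE_PROXY_LOG = """\
2024-11-06T07:40:01Z 10.0.0.12 double6.holm.ru 89.108.91.182:80 GET http://double6.holm.ru/
2024-11-06T07:40:03Z 10.0.0.12 www.example.org 93.184.216.34:443 CONNECT www.example.org:443
2024-11-06T07:40:09Z 10.0.0.27 s3.pdg.pl 91.205.75.118:80 GET http://s3.pdg.pl/
2024-11-06T07:41:15Z 10.0.0.12 cdn.example.net 89.108.91.180:80 GET http://cdn.example.net/a.gif
"""
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<host>\S+) (?P<ip>[\d.]+):(?P<port>\d+) ")

# Constructed file listing (not from the page).
SAMPLE_FILE_LISTING = [
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Online.com",
    r"C:\Program Files\Adobe\Acrobat\Acrobat.exe",
    r"C:\Users\bob\Desktop\adobe online.com",
]


def hash_bytes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 hex digests of file content held in memory."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def matches_known_hash(data: bytes) -> bool:
    """True if any digest of the content equals the page's corresponding hash."""
    digests = hash_bytes(data)
    return any(digests[name] == value for name, value in KNOWN_HASHES.items())


def is_persistence_path(path: str) -> bool:
    """True if the path is the Startup-folder location the page reports."""
    # PureWindowsPath normalises forward slashes to backslashes without touching disk.
    return STARTUP_PATH_RE.match(str(PureWindowsPath(path))) is not None


def find_persistence(paths) -> list:
    """Return the paths from a listing that match the Startup-folder indicator."""
    return [p for p in paths if is_persistence_path(p)]


def find_c2_hits(log_text: str) -> list:
    """Return (client, host, ip, reasons) for each log line touching a C2 host or IP."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # Check both: a listed IP can be reached under a hostname the page does
        # not list, which a hostname-only match would miss.
        reasons = []
        if m["host"].lower() in C2_HOSTS:
            reasons.append("host")
        if m["ip"] in C2_IPS:
            reasons.append("ip")
        if reasons:
            hits.append((m["client"], m["host"], m["ip"], reasons))
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_PROXY_LOG):
        print("C2 contact:", hit)
    for path in find_persistence(SAMPLE_FILE_LISTING):
        print("Startup persistence:", path)
```

The fourth constructed log line deliberately reaches 89.108.91.180 under an unlisted hostname, so it is flagged on the IP alone; the hash check, by contrast, only ever matches this exact build of the file, so a different Sality-infected host will not share these digests and the path and network indicators are the more durable of the three.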

Remove adobe online.com - Powered by Reason Core Security