adobe online.com

The file adobe online.com has been detected as malware by 30 anti-virus scanners. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. While running, it connects to the Internet address srv2.ampyazilim.com.tr on port 80 using the HTTP protocol.
MD5:
e10983b6a7430821157835728b1b3c4a

SHA-1:
0ef615ba15df43c52b530b2b873704d6989d483f

SHA-256:
36f488c38f93d432809b646c5b42d440fe374433b15780081387b4edc781f20b

Scanner detections:
30 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/23/2024 12:41:52 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win32/Kashu.E
2012.03.15

Avira AntiVirus
W32/Sality.AT
7.11.25.102

avast!
Win32:Sality
2014.9-160511

AVG
Worm/VB.10
2017.0.2746

Bitdefender
Worm.SillyShareCopy.E
1.0.20.660

Clam AntiVirus
Worm.VB-117
0.98/18155

Comodo Security
Virus.Win32.Sality.Gen
11794

Dr.Web
Win32.Sector.22
9.0.1.0132

Emsisoft Anti-Malware
Worm.Win32.AutoRun!IK
8.16.05.11.07

ESET NOD32
Win32/Sality.NBA
10.6967

F-Prot
W32/Sality.E.gen
v6.4.6.5.141

F-Secure
Worm.SillyShareCopy.E
11.2016-11-05_4

G Data
Worm.SillyShareCopy
16.5.22

IKARUS anti.virus
Worm.Win32.AutoRun
t3scan.1.1.118.0

K7 AntiVirus
Virus
13.133.6427

Kaspersky
Worm.Win32.AutoRun
14.0.0.226

McAfee
W32/Sality.gen.z
5600.6402

Microsoft Security Essentials
Worm:Win32/SillyShareCopy.E
1.163.1557.0

Norman
VBWorm.NHE
11.20160511

nProtect
Worm.SillyShareCopy.E
12.03.14.01

Panda Antivirus
W32/Sality.AA
16.05.11.07

Quick Heal
W32.Sality.U
5.16.12.00

Rising Antivirus
Worm.VB.ajx
23.00.65.16509

Sophos
Mal/Sality-D
4.73 TP

SUPERAntiSpyware
Trojan.Agent/Gen-Autorun[SillyShare]
9149

Trend Micro House Call
PE_SALITY.RL
7.2.132

Trend Micro
PE_SALITY.RL
10.465.11

Vba32 AntiVirus
Trojan.VBO.0348
3.12.16.4

VIPRE Antivirus
Virus.Win32.Sality.at
11667

ViRobot
Win32.Sality.N
2012.3.15.4987

File size:
116 KB (118,784 bytes)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\adobe online.com

File PE Metadata
Compilation timestamp:
1/28/2007 7:00:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:VkFJXgb4ESPUhdz8aZxGuTBfvBM4qsYptNreUB+Gay:WXgeSdzrZLFncTTBva

Entry address:
0x110C

Entry point:
4A, 0F, AF, E9, BE, F7, A0, D7, 52, FE, CA, 81, F9, DE, 41, 97, 26, 0F, AF, F0, 25, 19, 3C, DD, 90, 23, C3, 8D, 2D, 75, B4, CF, 06, 87, EA, B9, 9C, BF, 65, AA, 0F, B7, DB, 6A, 00, 58, 4B, 8D, 35, C9, CF, 4A, A2, 0D, 13, C0, 00, 00, 3D, 50, 05, 00, 00, 70, 03, 0F, AF, CE, 35, 3D, 5A, 00, 00, 42, 33, F8, 8A, CE, 0F, AF, CA, 0F, AF, DA, 85, C8, 76, 02, 33, C1, 85, EE, 71, 08, FE, CC, 8D, 05, 2B, 28, 35, 81, F7, C5, 90, C8, 1C, 78, 8D, 1D, 51, DB, C6, 86, 0F, BE, CB, 50, 8D, 05, FB, 06, 5B, 3F, 81, D5, 43, D2...
 
[+]

Entropy:
6.6313

Code size:
24 KB (24,576 bytes)

User Start Menu Item
Name:
Adobe Online.com


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 93-89-226-17.fbs.com.tr  (93.89.226.17:80)

TCP (HTTP):
Connects to srv2.ampyazilim.com.tr  (37.230.104.89:80)

Remove adobe online.com - Powered by Reason Core Security