aimbot.exe

The executable aimbot.exe has been detected as malware by 28 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from fs13n1.sendspace.com.
MD5:
d9d3a9588e29429a9dea679f308bd833

SHA-1:
1bf4be47d3bc0bf250806acf003c63c208d28523

SHA-256:
e0dc742eb62b0c1663442b337eb078dc66a9b412cf0a28064e2760ade4f71358

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
11/23/2024 9:45:19 AM UTC

Scan engine                    Detection                                   Engine version
Lavasoft Ad-Aware              Trojan.GenericKD.1906491                    185
Avira AntiVirus                BDS/Fynloski.A.17128                        7.11.203.36
avast!                         Win32:Agent-AUIU [Trj]                      2014.9-160803
AVG                            Generic11_c                                 2017.0.2663
Baidu Antivirus                Backdoor.Win32.DarkKomet                    4.0.3.1683
Bitdefender                    Trojan.GenericKD.1906491                    1.0.20.1080
Comodo Security                UnclassifiedMalware                         20773
Dr.Web                         BackDoor.Comet.1783                         9.0.1.0216
Emsisoft Anti-Malware          Backdoor.Win32.Fynloski                     8.16.08.03.02
ESET NOD32                     Win32/Fynloski.AA                           10.11040
Fortinet FortiGate             W32/Fynloski.AA!tr                          8/3/2016
F-Secure                       Trojan.GenericKD.1906491                    11.2016-03-08_4
G Data                         Trojan.GenericKD.1906491                    16.8.24
IKARUS anti.virus              Backdoor.Win32.Fynloski                     t3scan.1.8.6.0
K7 AntiVirus                   Trojan                                      13.191.14689
Kaspersky                      Backdoor.Win32.DarkKomet                    14.0.0.-190
McAfee                         Artemis!D9D3A9588E29                        5600.6319
Microsoft Security Essentials  Backdoor:Win32/Fynloski.A                   1.11302
NANO AntiVirus                 Trojan.Win32.Comet.dgyqcd                   0.30.0.64448
Norman                         Suspicious_Gen5.AWSDE                       11.20160803
nProtect                       Trojan.GenericKD.1906491                    15.01.19.01
Qihoo 360 Security             HEUR/Malware.QVM10.Gen                      1.0.0.1015
Quick Heal                     Backdoor.Fynloski.g5                        8.16.14.00
Rising Antivirus               PE:Trojan.Win32.Generic.1763A4B2!392406194  23.00.65.16801
Sophos                         Mal/Generic-S                               4.98
Trend Micro House Call         TROJ_GEN.R011C0DJG14                        7.2.216
Trend Micro                    TROJ_GEN.R011C0DJG14                        10.465.03
VIPRE Antivirus                Trojan.Win32.Generic                        36802

File size:
2.8 MB (2,962,944 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\aimbot.exe

File PE Metadata
Compilation timestamp:
10/5/2014 1:13:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:rkwkn9IMHea8+R9Tjbe5aMGTQppHTz9urSmZtZv6YsGGluq1Y8rKV3Xp0gasugpj:4dnVN9Tl92TArSmvZv6Yiu9Gu3XSgazf

Entry address:
0x26BF7

Entry point:
E8, 97, CF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, A3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, 01, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03...

Code size:
560 KB (573,440 bytes)

The file aimbot.exe has been seen being distributed by the following URL.
