AndroRat Binder.exe

AndroRat Binder

The application AndroRat Binder.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The file has been observed being downloaded from download2161.mediafire.com and multiple other hosts.

Product:
AndroRat Binder

Version:
1.0.0.4

MD5:
d2d5d395ac8ea45d6590dc0bde2c7750

SHA-1:
1dde8f7283a856b9327ead72bd131b7612e4a8b4

SHA-256:
dfeb2fa81380c29962c017cdb719bbcaf2aaca68b64001f2e242c75a46aa509f

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 11:30:38 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Hacktool.Androrat.A | 1119 |
| AhnLab V3 Security | HackTool/Win32.Androrat | 2014.01.10 |
| Avira AntiVirus | KIT/Andro.kjd | 7.11.124.108 |
| Baidu Antivirus | HackTool.MSIL.AndroRAT | 4.0.3.14111 |
| Bitdefender | Application.Hacktool.Androrat.A | 1.0.20.55 |
| Bkav FE | W32.Clodacb.Trojan | 1.3.0.4613 |
| Comodo Security | UnclassifiedMalware | 17579 |
| Dr.Web | Tool.AndroRatBinder | 9.0.1.011 |
| ESET NOD32 | MSIL/HackTool.AndroRAT | 8.9268 |
| F-Secure | Application.Hacktool.Androrat | 11.2014-11-01_7 |
| G Data | Application.Hacktool.Androrat | 14.1.22 |
| IKARUS anti.virus | not-a-Virus:Hacktool.Androrat | t3scan.2.2.29 |
| K7 AntiVirus | Hacktool | 13.175.10781 |
| Malwarebytes | PUP.Optional.Androrat | v2014.01.11.12 |
| McAfee | Artemis!D2D5D395AC8E | 5600.7253 |
| MicroWorld eScan | Application.Hacktool.Androrat.A | 15.0.0.33 |
| Panda Antivirus | Suspicious file | 14.01.11.12 |
| Sophos | Generic PUA BN | 4.96 |
| Trend Micro House Call | HKTL_ANDRORAT | 7.2.11 |
| Trend Micro | HKTL_ANDRORAT | 10.465.11 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25248 |
| ViRobot | HackTool.AndroRat.636416 | 2011.4.7.4223 |

File size:
621.5 KB (636,416 bytes)

Product version:
1.0.0.4

Copyright:
Copyright © 2013

Original file name:
AndroRat Binder.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\androrat binder.exe

File PE Metadata
Compilation timestamp:
7/26/2013 12:43:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:MLiEWm2RthXDCT9E5/ocm75n5/ocm75nAarbB8m8EWM2RthXDCT9:MEfHCqQcmbQcm9AabeJHC

Entry address:
0x675EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 80, 01, 00, 80, 10, 00, 00, 00, B0, 01, 00, 80, 18, 00, 00, 00, E0, 01, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 00, 02, 00, 00, 00, 90, 00, 00, 80, 03, 00, 00, 00, A8, 00, 00, 80, 04, 00, 00, 00, C0, 00, 00, 80, 05, 00, 00, 00, D8, 00, 00, 80, 06, 00, 00, 00, F0, 00, 00, 80, 07, 00, 00, 00, 08, 01...
 

Entropy:
6.4963

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
405.5 KB (415,232 bytes)

The file AndroRat Binder.exe has been seen being distributed by the following 3 URLs.

http://download2161.mediafire.com/kdvbq56zm9mg/.../AndroRat Binder.exe

Remove AndroRat Binder.exe - Powered by Reason Core Security