» AndroRat Binder.exe
Overview
Analysis
File Details
Downloads (3)

AndroRat Binder.exe

AndroRat Binder

The application AndroRat Binder.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The file has been seen being downloaded from download2161.mediafire.com and multiple other hosts.

File name:

AndroRat Binder.exe

Product:

AndroRat Binder

Version:

1.0.0.4

MD5:

d2d5d395ac8ea45d6590dc0bde2c7750

SHA-1:

1dde8f7283a856b9327ead72bd131b7612e4a8b4

SHA-256:

dfeb2fa81380c29962c017cdb719bbcaf2aaca68b64001f2e242c75a46aa509f

Scanner detections:

22 / 68

Status:

Potentially unwanted

Analysis date:

11/2/2024 11:30:38 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Hacktool.Androrat.A

1119

AhnLab V3 Security

HackTool/Win32.Androrat

2014.01.10

Avira AntiVirus

KIT/Andro.kjd

7.11.124.108

Baidu Antivirus

HackTool.MSIL.AndroRAT

4.0.3.14111

Bitdefender

Application.Hacktool.Androrat.A

1.0.20.55

Bkav FE

W32.Clodacb.Trojan

1.3.0.4613

Comodo Security

UnclassifiedMalware

17579

Dr.Web

Tool.AndroRatBinder

9.0.1.011

ESET NOD32

MSIL/HackTool.AndroRAT

8.9268

F-Secure

Application.Hacktool.Androrat

11.2014-11-01_7

G Data

Application.Hacktool.Androrat

14.1.22

IKARUS anti.virus

not-a-Virus:Hacktool.Androrat

t3scan.2.2.29

K7 AntiVirus

Hacktool

13.175.10781

Malwarebytes

PUP.Optional.Androrat

v2014.01.11.12

McAfee

Artemis!D2D5D395AC8E

5600.7253

MicroWorld eScan

Application.Hacktool.Androrat.A

15.0.0.33

Panda Antivirus

Suspicious file

14.01.11.12

Sophos

Generic PUA BN

4.96

Trend Micro House Call

HKTL_ANDRORAT

7.2.11

Trend Micro

HKTL_ANDRORAT

10.465.11

VIPRE Antivirus

Trojan.Win32.Generic

25248

ViRobot

HackTool.AndroRat.636416

2011.4.7.4223

File size:

621.5 KB (636,416 bytes)

Product version:

1.0.0.4

Original file name:

AndroRat Binder.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\androrat binder.exe

File PE Metadata

Compilation timestamp:

7/26/2013 12:43:49 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:MLiEWm2RthXDCT9E5/ocm75n5/ocm75nAarbB8m8EWM2RthXDCT9:MEfHCqQcmbQcm9AabeJHC

Entry address:

0x675EE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 80, 01, 00, 80, 10, 00, 00, 00, B0, 01, 00, 80, 18, 00, 00, 00, E0, 01, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 00, 02, 00, 00, 00, 90, 00, 00, 80, 03, 00, 00, 00, A8, 00, 00, 80, 04, 00, 00, 00, C0, 00, 00, 80, 05, 00, 00, 00, D8, 00, 00, 80, 06, 00, 00, 00, F0, 00, 00, 80, 07, 00, 00, 00, 08, 01... 
[+]

Entropy:

6.4963

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

405.5 KB (415,232 bytes)

The file AndroRat Binder.exe has been seen being distributed by the following 3 URLs.

http://download2161.mediafire.com/kdvbq56zm9mg/.../AndroRat Binder.exe

http://download2161.mediafire.com/3e07fzzwa0ng/.../AndroRat Binder.exe

http://download2161.mediafire.com/i3jwvpv36dog/.../AndroRat Binder.exe

Remove AndroRat Binder.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.