» b4f753.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

b4f753.exe

The executable b4f753.exe has been detected as malware by 29 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘B4F753’.

File name:

b4f753.exe

MD5:

d3be3c03effa154119776bd87f61a66d

SHA-1:

f19038ecda66d6244bdb2152cfc231d16d3693fd

SHA-256:

e2ae14a31ce164cf0b0cca1758b811691dc3156d2861fdb57279f52729cbfb37

Scanner detections:

29 / 68

Status:

Malware

Analysis date:

11/27/2024 4:51:19 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win32/Flystudio.worm.Gen

2010.07.18

Avira AntiVirus

DR/Drop.Flystud.YO.37

8.2.4.12

Emsisoft A-Squared

Worm.Win32.FlyStudio!IK

5.0.0.31

avast!

Win32:EvilEPL

2014.9-160307

AVG

Generic_c

2017.0.2812

Bitdefender

Dropped:Trojan.Generic.3434016

1.0.20.335

Clam AntiVirus

Trojan.Dropper-21706

0.98/170.3

Comodo Security

UnclassifiedMalware

5470

ESET NOD32

Win32/AutoRun.FlyStudio.SR

10.5289

Fortinet FortiGate

W32/Autorun.YO!tr

3/7/2016

F-Prot

W32/Nuj.A.gen

v6.4.6.1.107

F-Secure

Trojan-Dropper:W32/Peed.gen!A

11.2016-07-03_2

G Data

Dropped:Trojan.Generic.3434016

16.3.21

IKARUS anti.virus

Worm.Win32.FlyStudio

t3scan.1.1.84.0

Kaspersky

Trojan-Dropper.Win32.Flystud

14.0.0.555

McAfee

W32/Autorun.worm.ev

5600.6468

Microsoft Security Essentials

Backdoor:Win32/FlyAgent.F

1.163.1557.0

Norman

W32/Tibs.DMZR

11.20160307

nProtect

Trojan/W32.Agent.1403688.B

10.07.18.02

Panda Antivirus

Bck/Wutau.B

16.03.07.01

Prevx

P2P Share High Risk Worm

3.0

Quick Heal

Win32.Trojan-Dropper.Flystud.ko.5.Pack

3.16.11.00

Rising Antivirus

Trojan.Win32.ECode.ee

23.00.65.16305

Sophos

Mal/EncPk-NB

4.55

SUPERAntiSpyware

Trojan.Agent/Gen-Fly[Large]

9281

Trend Micro House Call

WORM_AUTORUN.SMW

7.2.67

Trend Micro

WORM_AUTORUN.SMW

10.465.07

Vba32 AntiVirus

Trojan-Downloader.Win32.FlyStudio.fw

3.12.12.6

ViRobot

Dropper.Flystud.1403688.A

2010.7.12.3932

File size:

1.3 MB (1,403,688 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Windows\System32\e95257\b4f753.exe

File PE Metadata

Compilation timestamp:

12/25/1972 12:33:23 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

4.0

CTPH (ssdeep):

24576:sQ6gEgFzbRprd7Go/UpQplveJayUb2nWNNP/2i6YCc:sf4XxLXPh72nCNP/2tXc

Entry address:

0x140A

Entry point:

50, 56, 57, 52, 83, CF, 4C, 53, 51, 0F, 85, 50, FF, FF, FF, CC, 23, 59, 84, 89, DD, B2, 5B, 6F, 56, 6A, 11, AC, D0, F6, 62, BF, DD, 2A, DC, 34, 56, 01, 5B, 6F, 5A, E6, E1, 96, 3E, 73, DB, FE, D3, D2, 2C, BD, 52, E7, 5C, 6C, C6, F5, DA, 6E, A5, 37, 28, 94, A6, E7, D7, AB, D5, AB, E0, 06, AA, 72, CB, 2D, 40, E8, D7, EB, 52, 5B, 1C, 37, A2, EB, DA, 7E, DD, 2F, E0, 2E, 4B, E8, 55, E3, DD, E9, DA, 6E, DD, 61, DC, D6, 21, 39, 5B, 9B, 5A, B8, C7, 2F, 14, F0, 0A, 75, D5, E6, D8, 1F, 6D, 4D, 63, B6, D5, A9, DA, A2... 
[+]

Code size:

24 KB (24,576 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

B4F753

Command:

C:\Windows\System32\e95257\b4f753.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to ec2-52-0-217-44.compute-1.amazonaws.com (52.0.217.44:80)

Remove b4f753.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.