bastor

Bullified Corporation

The file bastor has been detected as malware by 31 anti-virus scanners. It runs as a Windows Task Scheduler task named bastor, which is triggered each time a user logs in.
Publisher:
Webcam Titre (signed by Bullified Corporation)

Product:
Webcam Titre

Version:
2.1.0.2

MD5:
8c0c6bd83698c177f96fcc5cbe958d56

SHA-1:
78bc468f22cd5bccbd5c099398886bbcc145c0b9

SHA-256:
4f3d7c771cb7f5fac7bb561a8cc7823087cfdaa78db08ef6b03ab5658ca233e0

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
11/27/2024 8:28:01 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.16305859 | 108 |
| AegisLab AV Signature | Troj.Msil.Agent!c | 2.1.4+ |
| Avira AntiVirus | TR/Dropper.MSIL.zyut | 8.3.3.4 |
| Arcabit | Trojan.Generic.DF8CEC3 | 1.0.0.741 |
| avast! | Win32:Malware-gen | 2014.9-161019 |
| AVG | Atros3 | 2017.0.2586 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.161019 |
| Bitdefender | Trojan.Generic.16305859 | 1.0.20.1465 |
| Comodo Security | TrojWare.MSIL.VirTool.Subti.K | 25267 |
| Dr.Web | Trojan.DownLoader19.21785 | 9.0.1.0293 |
| Emsisoft Anti-Malware | Trojan.Generic.16305859 | 8.16.10.19.12 |
| ESET NOD32 | MSIL/Kryptik.FRN (variant) | 10.13665 |
| Fortinet FortiGate | MSIL/Injector.OSK!tr | 10/19/2016 |
| F-Secure | Trojan.Generic.16305859 | 11.2016-19-10_4 |
| G Data | Trojan.Generic.16305859 | 16.10.25 |
| IKARUS anti.virus | Trojan.MSIL.Crypt | t3scan.2.1.6.0 |
| K7 AntiVirus | Trojan | 13.2219968 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-575 |
| McAfee | Trojan-FIHN!8C0C6BD83698 | 5600.6242 |
| Microsoft Security Essentials | VirTool:MSIL/Injector.IX | 1.1.12805.0 |
| MicroWorld eScan | Trojan.Generic.16305859 | 17.0.0.879 |
| NANO AntiVirus | Trojan.Win32.DownLoader19.ebkjss | 1.0.38.8881 |
| nProtect | Trojan.Generic.16305859 | 16.06.17.01 |
| Panda Antivirus | Trj/GdSda.A | 16.10.19.12 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120 |
| Quick Heal | Trojan.Agen.r3 | 10.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R00XC0ED916 | 10.465.19 |
| VIPRE Antivirus | Trojan.Win32.Generic | 50154 |
| ViRobot | Trojan.Win32.Z.Kryptik.497712[h] | 2014.3.20.0 |
| Zillya! Antivirus | Backdoor.BrabotCRTD.Win32.58 | 2.0.0.2921 |

File size:
486 KB (497,712 bytes)

Product version:
2.1.0.2

Copyright:
Copyright @ 2016

Original file name:
FlHFVzSJni7F4fxrFvjVfNZNFxvz6pw19PxKB.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\bastor

Digital Signature
Authority:
Bullified Corporation

Valid from:
3/30/2016 3:43:18 AM

Valid to:
3/31/2026 3:43:18 AM

Subject:
E=adl@bullified.com, CN=Bullified Ltd., OU=MIIO Dept., O=Bullified Corporation, L=Sydney, S=New South Wales, C=AU

Issuer:
E=adl@bullified.com, CN=Bullified Ltd., OU=MIIO Dept., O=Bullified Corporation, L=Sydney, S=New South Wales, C=AU

Serial number:
00D49F2215296B86E7

File PE Metadata
Compilation timestamp:
4/3/2016 7:32:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:b+pJMumHtts8ERjaPtzyxD8uq7nbRBeMGX4C5gRAiRD9GlRQORtW:b+pJMumKjaPt6wCMGFgKiRDglRQF

Entry address:
0x799EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 00, 00, 00, 58, A0, 07, 00, A0, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A0, 03, 34, 00, 00, 00, 56, 00, 53, 00, 5F, 00, 56, 00, 45, 00, 52, 00, 53, 00, 49, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
478.5 KB (489,984 bytes)

Scheduled Task
Task name:
bastor

Path:
\Update\bastor

Trigger:
Logon (Runs on logon)

