bbf72e84.exe

TODO:

TODO: <Company name>

The executable bbf72e84.exe, described in its own version resource as “TODO: <File description>” (the publisher, product and description fields still carry the default Visual Studio resource template placeholders, so the author never filled them in), has been detected as malware by 38 of 68 anti-virus scanners. While running, it connects to the Internet address ostego.snhdns.com on port 80 using the HTTP protocol.
Publisher:
TODO:

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.0.0.1

MD5:
396655224989872f313850f13b082c4e

SHA-1:
74e1719f243cbb6932bc6db00e247f915092cb39

SHA-256:
fb4933942a1bbea64443fd94118efe412cfc3db3242fe6bd60643c7d7595998f

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
11/5/2024 9:29:46 AM UTC

Scan engine | Detection | Engine version

Lavasoft Ad-Aware | Trojan.TinbaKD.2666206 | 354
Agnitum Outpost | Trojan.Inject | 7.1.1
AhnLab V3 Security | Trojan/Win32.MDA | 2015.12.21
Avira AntiVirus | TR/Injector.193338 | 8.3.2.4
Arcabit | Trojan.TinbaKD.D28AEDE | 1.0.0.629
avast! | Win32:Malware-gen | 2014.9-160215
AVG | Inject3 | 2017.0.2832
Baidu Antivirus | Trojan.Win32.Inject | 4.0.3.16215
Bitdefender | Trojan.TinbaKD.2666206 | 1.0.20.230
Bkav FE | W32.AnceytorLTF.Trojan | 1.3.0.7383
Comodo Security | UnclassifiedMalware | 23796
Dr.Web | BackDoor.Andromeda.614 | 9.0.1.046
Emsisoft Anti-Malware | Trojan.TinbaKD.2666206 | 8.16.02.15.06
ESET NOD32 | Win32/Injector.CHLC (variant) | 10.12754
Fortinet FortiGate | W32/Simbada.EN!tr | 2/15/2016
F-Prot | W32/Trojan3.RHA | v6.4.7.1.166
F-Secure | Trojan.TinbaKD.2666206 | 11.2016-15-02_2
G Data | Trojan.TinbaKD.2666206 | 16.2.25
IKARUS anti.virus | Trojan.Win32.Injector | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.212.18166
Kaspersky | Trojan.Win32.Inject | 14.0.0.656
Malwarebytes | Trojan.Downloader.KYE | v2016.02.15.06
McAfee | RDN/Generic.dx | 5600.6488
Microsoft Security Essentials | VirTool:Win32/Obfuscator | 1.1.12400.0
MicroWorld eScan | Trojan.TinbaKD.2666206 | 17.0.0.138
NANO AntiVirus | Trojan.Win32.Inject.dvnaxw | 1.0.10.5081
nProtect | Trojan.TinbaKD.2666206 | 15.12.18.01
Panda Antivirus | Trj/Injector.AV | 16.02.15.06
Quick Heal | Trojan.Injector.AJ5 | 2.16.14.00
Rising Antivirus | PE:Malware.Obscure/Heur!1.9E03 [F] | 23.00.65.16213
Sophos | Mal/Inject-FX | 4.98
Total Defense | Heur/TrojanHorse.ZCIO!suspicious | 37.1.62.1
Trend Micro House Call | TROJ_TINBA.AM | 7.2.46
Trend Micro | TROJ_TINBA.AM | 10.465.15
Vba32 AntiVirus | Trojan.Agent.2180A | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 45948
ViRobot | Trojan.Win32.Agent.193338[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.Inject.Win32.176590 | 2.0.0.2572

File size:
188.8 KB (193,338 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2015

Original file name:
Pchild2.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\roaming\bbf72e84.exe

File PE Metadata
Compilation timestamp:
8/21/2015 12:06:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:2+2rhMBgP71R1+AGei5X2a4+1vr6lK9VKpyOBv0LsqOgLbjwGWGRsxoUSgTydVZT:2Xrrf1+zv22jtLKACvxyjCGRnNWAsZq

Entry address:
0x10220

Entry point:
E8, A8, 2E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 57, 33, F6, FF, 75, 08, E8, 17, 12, 00, 00, 8B, F8, 59, 85, FF, 75, 27, 39, 05, C8, B1, 41, 00, 76, 1F, 56, FF, 15, 60, 60, 41, 00, 8D, 86, E8, 03, 00, 00, 3B, 05, C8, B1, 41, 00, 76, 03, 83, C8, FF, 8B, F0, 83, F8, FF, 75, CA, 8B, C7, 5F, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 57, 33, F6, 6A, 00, FF, 75, 0C, FF, 75, 08, E8, E3, 2E, 00, 00, 8B, F8, 83, C4, 0C, 85, FF, 75, 27, 39, 05, C8, B1, 41, 00, 76, 1F, 56, FF, 15, 60, 60, 41, 00, 8D, 86, E8...

Code size:
81.5 KB (83,456 bytes)
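The hashes, entry address and entry-point bytes above are enough to confirm whether a quarantined file is this sample without any third-party tooling. The following script is an added example and is not code from Reason Core Security or from the report: it hashes a file, walks the DOS, COFF, optional and section headers by hand to read the bytes at AddressOfEntryPoint, and compares both against the published values. The ten leading bytes (call rel32; jmp rel32) are consistent with the Visual C++ CRT entry stub, which fits the linker version 10.0 recorded above. Because the real sample cannot be shipped here, a minimal PE32 image is constructed inline (clearly not the sample, so its hashes will not match); check_file() is the entry point for a real path.

```python
"""Check a suspected sample against the file indicators in this report.

Added example, not code from Reason Core Security. It hashes the file,
parses the PE headers directly to read the bytes at AddressOfEntryPoint,
and compares both with the values published on the page. build_sample_pe()
returns a constructed PE32 image for offline runs; it is not the sample.
"""
import hashlib
import struct

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "396655224989872f313850f13b082c4e",
    "sha1": "74e1719f243cbb6932bc6db00e247f915092cb39",
    "sha256": "fb4933942a1bbea64443fd94118efe412cfc3db3242fe6bd60643c7d7595998f",
}
REPORT_ENTRY_RVA = 0x10220
# First ten entry-point bytes from the report: call rel32; jmp rel32.
REPORT_ENTRY_PREFIX = bytes.fromhex("E8A82E0000E989FEFFFF")


def file_hashes(data):
    """MD5/SHA-1/SHA-256 hex digests, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def entry_point_bytes(data, count=10):
    """Return (AddressOfEntryPoint, first `count` bytes at the entry point).

    Works for PE32 and PE32+: AddressOfEntryPoint sits at optional-header
    offset 16 in both, and the section table follows the optional header.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = opt + opt_size
    for i in range(num_sections):
        hdr = sections + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)               # RVA -> file offset
            return entry_rva, bytes(data[off:off + count])
    raise ValueError("entry point lies outside every section")


def check_sample(data):
    """Compare hashes and entry-point bytes of `data` with the report."""
    hashes = file_hashes(data)
    rva, prefix = entry_point_bytes(data)
    return {
        "hash_match": hashes == REPORT_HASHES,
        "entry_rva_match": rva == REPORT_ENTRY_RVA,
        "entry_bytes_match": prefix == REPORT_ENTRY_PREFIX,
        "hashes": hashes,
    }


def check_file(path):
    with open(path, "rb") as fh:
        return check_sample(fh.read())


def build_sample_pe(entry_rva=REPORT_ENTRY_RVA, entry_bytes=REPORT_ENTRY_PREFIX):
    """Constructed minimal PE32 with one .text section (NOT the real sample)."""
    text_va, raw_ptr = 0x1000, 0x200
    body = bytearray(0x10000)
    pos = entry_rva - text_va
    body[pos:pos + len(entry_bytes)] = entry_bytes
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)  # i386, 1 section
    opt = bytearray(0xE0)
    struct.pack_into("<HBB", opt, 0, 0x10B, 10, 0)           # PE32 magic, linker 10.0
    struct.pack_into("<I", opt, 16, entry_rva)               # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(body), text_va,
                      len(body), raw_ptr, 0, 0, 0, 0, 0x60000020)
    header = (dos + b"PE\0\0" + coff + opt + sec).ljust(raw_ptr, b"\0")
    return bytes(header + body)


if __name__ == "__main__":
    print(check_sample(build_sample_pe()))
```

A hash match is definitive; the entry-RVA and entry-byte comparison is the weaker check that survives a re-signed or slightly altered build, and a mismatch on it with a matching ssdeep value would point to a repacked variant rather than this exact file.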

The executing file has been seen to make the following network communications in live environments. The hostnames are the reverse-DNS names of the contacted IP addresses at analysis time (many of them hosting-provider servers), not necessarily the domains the sample resolved; the entry for sinkhole-01.sinkhole.tech shows that at least one of those domains has since been sinkholed, so traffic to that IP from a host on your network still indicates an infection.

TCP (HTTP): Connects to xaicom.net  (85.214.214.113:80)
TCP (HTTP): Connects to www754.sakura.ne.jp  (59.106.19.204:80)
TCP (HTTP): Connects to www1.nitrosell.com  (72.3.177.107:80)
TCP (HTTP): Connects to sv140.xserver.jp  (210.188.201.166:80)
TCP (HTTP): Connects to sinkhole-01.sinkhole.tech  (95.211.174.92:80)
TCP (HTTP): Connects to server10.webage.co.uk  (193.34.148.140:80)
TCP (HTTP): Connects to server.farmhouseserver.com  (198.57.196.166:80)
TCP (HTTP): Connects to server.egywebstore.com  (72.44.93.236:80)
TCP (HTTP): Connects to seriali02.aqserver.com  (80.93.82.33:80)
TCP (HTTP): Connects to rs101.nsresponse.com  (204.93.177.101:80)
TCP (HTTP): Connects to redirect-v225.secureserver.net  (184.168.47.225:80)
TCP (HTTP): Connects to perfora.net  (74.208.215.199:80)
TCP (HTTP): Connects to ostego.snhdns.com  (198.38.77.142:80)
TCP (HTTP): Connects to ora.ecnet.jp  (118.23.162.86:80)
TCP (HTTP): Connects to ns69.kreativmedia.ch  (80.74.154.6:80)
TCP (HTTP): Connects to newip240.telewave.ad.jp  (219.122.1.240:80)
TCP (HTTP): Connects to ht1.domain4all.nl  (178.250.193.121:80)
TCP (HTTP): Connects to h-f.net  (92.222.129.136:80)
TCP (HTTP): Connects to ec2-52-21-176-214.compute-1.amazonaws.com  (52.21.176.214:80)
TCP (HTTP): Connects to dgws16s26db.ispgateway.de  (80.67.28.73:80)
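The connection list above is most useful turned into indicators and run against proxy logs. The following script is an added example, not code from Reason Core Security: it parses the "Connects to host (ip:port)" lines into indicators and scans a constructed proxy log. It matches on destination IP first, because the hostnames on the page are reverse-DNS names of the IPs at analysis time and the Host header a client actually sent may differ; a hit on the sinkhole IP is kept as an infection indicator, and a hit on a shared-hosting IP on a different port is reported but flagged as weak. The CSV log layout (time,client,host,dst_ip,port), the 10.0.4.x clients and the example.* destinations are all assumptions made for the demonstration; only four of the twenty connection lines are embedded, the rest paste in the same way.

```python
"""Match proxy-log traffic against the network indicators in this report.

Added example, not code from Reason Core Security. Indicator lines are
copied from the page; the proxy log and its CSV layout are constructed.
"""
import csv
import io
import re

# Subset of the connection list above; paste the remaining lines for full coverage.
REPORT_CONNECTIONS = """\
Connects to xaicom.net  (85.214.214.113:80)
Connects to sinkhole-01.sinkhole.tech  (95.211.174.92:80)
Connects to ostego.snhdns.com  (198.38.77.142:80)
Connects to ec2-52-21-176-214.compute-1.amazonaws.com  (52.21.176.214:80)
"""

# Constructed proxy log (assumed layout). 192.0.2.x and 198.51.100.x are
# documentation addresses; the 10.0.4.x clients are invented.
SAMPLE_PROXY_LOG = """\
time,client,host,dst_ip,port
2024-11-05T09:31:02Z,10.0.4.17,www.example.org,192.0.2.10,443
2024-11-05T09:31:09Z,10.0.4.17,ostego.snhdns.com,198.38.77.142,80
2024-11-05T09:31:40Z,10.0.4.22,cdn.example.net,95.211.174.92,80
2024-11-05T09:32:11Z,10.0.4.31,mail.example.org,85.214.214.113,443
2024-11-05T09:32:30Z,10.0.4.40,update.example.com,198.51.100.7,80
"""

CONNECT_RE = re.compile(r"Connects to (\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\)")


def parse_indicators(text):
    """Turn the report's connection lines into a list of indicator dicts."""
    return [
        {
            "host": m.group(1).lower(),
            "ip": m.group(2),
            "port": int(m.group(3)),
            # A sinkhole PTR name means researchers now hold the C2 domain.
            "sinkhole": "sinkhole" in m.group(1).lower(),
        }
        for m in CONNECT_RE.finditer(text)
    ]


def scan_log(log_text, indicators):
    """Return one hit per log row whose destination IP or Host matches an indicator."""
    by_ip = {i["ip"]: i for i in indicators}
    by_host = {i["host"]: i for i in indicators}
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ind = by_ip.get(row["dst_ip"]) or by_host.get(row["host"].lower())
        if ind is None:
            continue
        hits.append({
            "time": row["time"],
            "client": row["client"],
            "requested_host": row["host"],   # what the client asked for
            "indicator": ind["host"],        # PTR name from the report
            "ip": row["dst_ip"],
            # Port 443 to a shared-hosting IP listed on port 80 is weak evidence.
            "port_match": int(row["port"]) == ind["port"],
            "sinkhole": ind["sinkhole"],
        })
    return hits


def likely_infected(hits):
    """Clients with at least one port-matching hit, sorted for reporting."""
    return sorted({h["client"] for h in hits if h["port_match"]})


if __name__ == "__main__":
    found = scan_log(SAMPLE_PROXY_LOG, parse_indicators(REPORT_CONNECTIONS))
    for h in found:
        print(h)
    print("likely infected:", likely_infected(found))
```

On the constructed log this reports 10.0.4.17 (direct request to ostego.snhdns.com, the domain named at the top of the page) and 10.0.4.22 (traffic to the sinkhole IP under a different Host header) as likely infected, while the port-443 hit from 10.0.4.31 against a hosting IP is listed for follow-up only.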

Remove bbf72e84.exe - Powered by Reason Core Security