bbf72e84.exe

TODO:

TODO: <Company name>

The executable bbf72e84.exe, “TODO: <File description>” has been detected as malware by 38 anti-virus scanners. While running, it connects to the Internet address ostego.snhdns.com on port 80 using the HTTP protocol.
Publisher:
TODO:

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.0.0.1

MD5:
396655224989872f313850f13b082c4e

SHA-1:
74e1719f243cbb6932bc6db00e247f915092cb39

SHA-256:
fb4933942a1bbea64443fd94118efe412cfc3db3242fe6bd60643c7d7595998f

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
12/24/2024 4:26:58 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.TinbaKD.2666206
354

Agnitum Outpost
Trojan.Inject
7.1.1

AhnLab V3 Security
Trojan/Win32.MDA
2015.12.21

Avira AntiVirus
TR/Injector.193338
8.3.2.4

Arcabit
Trojan.TinbaKD.D28AEDE
1.0.0.629

avast!
Win32:Malware-gen
2014.9-160215

AVG
Inject3
2017.0.2832

Baidu Antivirus
Trojan.Win32.Inject
4.0.3.16215

Bitdefender
Trojan.TinbaKD.2666206
1.0.20.230

Bkav FE
W32.AnceytorLTF.Trojan
1.3.0.7383

Comodo Security
UnclassifiedMalware
23796

Dr.Web
BackDoor.Andromeda.614
9.0.1.046

Emsisoft Anti-Malware
Trojan.TinbaKD.2666206
8.16.02.15.06

ESET NOD32
Win32/Injector.CHLC (variant)
10.12754

Fortinet FortiGate
W32/Simbada.EN!tr
2/15/2016

F-Prot
W32/Trojan3.RHA
v6.4.7.1.166

F-Secure
Trojan.TinbaKD.2666206
11.2016-15-02_2

G Data
Trojan.TinbaKD.2666206
16.2.25

IKARUS anti.virus
Trojan.Win32.Injector
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.212.18166

Kaspersky
Trojan.Win32.Inject
14.0.0.656

Malwarebytes
Trojan.Downloader.KYE
v2016.02.15.06

McAfee
RDN/Generic.dx
5600.6488

Microsoft Security Essentials
VirTool:Win32/Obfuscator
1.1.12400.0

MicroWorld eScan
Trojan.TinbaKD.2666206
17.0.0.138

NANO AntiVirus
Trojan.Win32.Inject.dvnaxw
1.0.10.5081

nProtect
Trojan.TinbaKD.2666206
15.12.18.01

Panda Antivirus
Trj/Injector.AV
16.02.15.06

Quick Heal
Trojan.Injector.AJ5
2.16.14.00

Rising Antivirus
PE:Malware.Obscure/Heur!1.9E03 [F]
23.00.65.16213

Sophos
Mal/Inject-FX
4.98

Total Defense
Heur/TrojanHorse.ZCIO!suspicious
37.1.62.1

Trend Micro House Call
TROJ_TINBA.AM
7.2.46

Trend Micro
TROJ_TINBA.AM
10.465.15

Vba32 AntiVirus
Trojan.Agent.2180A
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
45948

ViRobot
Trojan.Win32.Agent.193338[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Inject.Win32.176590
2.0.0.2572

File size:
188.8 KB (193,338 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2015

Original file name:
Pchild2.exe

File type:
Executable application (Win32 EXE)

Language:
Francuski (Francja)

Common path:
C:\users\{user}\appdata\roaming\bbf72e84.exe

File PE Metadata
Compilation timestamp:
8/21/2015 12:06:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:2+2rhMBgP71R1+AGei5X2a4+1vr6lK9VKpyOBv0LsqOgLbjwGWGRsxoUSgTydVZT:2Xrrf1+zv22jtLKACvxyjCGRnNWAsZq

Entry address:
0x10220

Entry point:
E8, A8, 2E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 57, 33, F6, FF, 75, 08, E8, 17, 12, 00, 00, 8B, F8, 59, 85, FF, 75, 27, 39, 05, C8, B1, 41, 00, 76, 1F, 56, FF, 15, 60, 60, 41, 00, 8D, 86, E8, 03, 00, 00, 3B, 05, C8, B1, 41, 00, 76, 03, 83, C8, FF, 8B, F0, 83, F8, FF, 75, CA, 8B, C7, 5F, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 57, 33, F6, 6A, 00, FF, 75, 0C, FF, 75, 08, E8, E3, 2E, 00, 00, 8B, F8, 83, C4, 0C, 85, FF, 75, 27, 39, 05, C8, B1, 41, 00, 76, 1F, 56, FF, 15, 60, 60, 41, 00, 8D, 86, E8...
 
[+]

Code size:
81.5 KB (83,456 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to xaicom.net  (85.214.214.113:80)

TCP (HTTP):
Connects to www754.sakura.ne.jp  (59.106.19.204:80)

TCP (HTTP):
Connects to www1.nitrosell.com  (72.3.177.107:80)

TCP (HTTP):
Connects to sv140.xserver.jp  (210.188.201.166:80)

TCP (HTTP):
Connects to sinkhole-01.sinkhole.tech  (95.211.174.92:80)

TCP (HTTP):
Connects to server10.webage.co.uk  (193.34.148.140:80)

TCP (HTTP):
Connects to server.farmhouseserver.com  (198.57.196.166:80)

TCP (HTTP):
Connects to server.egywebstore.com  (72.44.93.236:80)

TCP (HTTP):
Connects to seriali02.aqserver.com  (80.93.82.33:80)

TCP (HTTP):
Connects to rs101.nsresponse.com  (204.93.177.101:80)

TCP (HTTP):
Connects to redirect-v225.secureserver.net  (184.168.47.225:80)

TCP (HTTP):
Connects to perfora.net  (74.208.215.199:80)

TCP (HTTP):
Connects to ostego.snhdns.com  (198.38.77.142:80)

TCP (HTTP):
Connects to ora.ecnet.jp  (118.23.162.86:80)

TCP (HTTP):
Connects to ns69.kreativmedia.ch  (80.74.154.6:80)

TCP (HTTP):
Connects to newip240.telewave.ad.jp  (219.122.1.240:80)

TCP (HTTP):
Connects to ht1.domain4all.nl  (178.250.193.121:80)

TCP (HTTP):
Connects to h-f.net  (92.222.129.136:80)

TCP (HTTP):
Connects to ec2-52-21-176-214.compute-1.amazonaws.com  (52.21.176.214:80)

TCP (HTTP):
Connects to dgws16s26db.ispgateway.de  (80.67.28.73:80)

Remove bbf72e84.exe - Powered by Reason Core Security