bcc499e.tmp

The file bcc499e.tmp has been detected as malware by 36 anti-virus scanners. While running, it connects to the Internet address Lat.Level3.net on port 80 using the HTTP protocol.
MD5:
80320e2b9f982976aa7f7d10186bc156

SHA-1:
a80ccabe18e2de4773493d7061f4dd8ff53d27c6

SHA-256:
bdf146c4f37921d1e900bf2fcc41c2fc473775d5ae52fcc0fb6d3d77268ff584

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
12/26/2024 12:26:55 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKDZ.14892
342

Agnitum Outpost
Trojan.Injector
7.1.1

AhnLab V3 Security
Backdoor/Win32.Pushdo
2014.06.04

Avira AntiVirus
TR/Crypt.XPACK.Gen
7.11.152.210

avast!
Win32:Dropper-gen [Drp]
2014.9-160228

AVG
SHeur4
2017.0.2820

Baidu Antivirus
Worm.Win32.Pilleuz
4.0.3.16228

Bitdefender
Trojan.GenericKDZ.14892
1.0.20.295

Bkav FE
W32.Clod244.Trojan
1.3.0.4959

Comodo Security
TrojWare.Win32.Injector.AFMM
18423

Dr.Web
BackDoor.Bulknet.893
9.0.1.059

Emsisoft Anti-Malware
Trojan.GenericKDZ.14892
8.16.02.28.02

ESET NOD32
Win32/Injector.AFMM (variant)
10.9887

Fortinet FortiGate
W32/Pushdo.PYD!tr.bdr
2/28/2016

F-Prot
W32/Backdoor2.HRPV
v6.4.7.1.166

F-Secure
Trojan.GenericKDZ.14892
11.2016-28-02_1

G Data
Trojan.GenericKDZ.14892
16.2.24

IKARUS anti.virus
Trojan-Downloader.Win32.Cutwail
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.178.12292

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.594

Malwarebytes
Trojan.Ransom.Gen
v2016.02.28.02

McAfee
Cutwail-FBPN!80320E2B9F98
5600.6476

Microsoft Security Essentials
TrojanDownloader:Win32/Cutwail.BS
1.10600

MicroWorld eScan
Trojan.GenericKDZ.14892
17.0.0.177

NANO AntiVirus
Trojan.Win32.Pushdo.bxooad
0.28.0.60100

Norman
Pushdo.I
11.20160228

nProtect
Backdoor/W32.Pushdo.41472.D
14.06.03.01

Panda Antivirus
Trj/Genetic.gen
16.02.28.02

Qihoo 360 Security
HEUR/Malware.QVM20.Gen
1.0.0.1015

Quick Heal
Trojan.Cutwail.AQ
2.16.14.00

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Cutwail
9297

Trend Micro House Call
BKDR_PUSHDO.SMK
7.2.59

Trend Micro
BKDR_PUSHDO.SMK
10.465.28

Vba32 AntiVirus
BScope.Trojan.Pushdo
3.12.26.0

VIPRE Antivirus
Trojan-Downloader.Win32.Cutwail.bx
29898

File size:
40.5 KB (41,472 bytes)

Common path:
C:\users\{user}\appdata\local\temp\bcc499e.tmp

File PE Metadata
Compilation timestamp:
8/19/2004 10:10:15 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
768:ty6vvu0XPuN6qyrubNry2JVW6pWOvOWjDw9GIw+YR45SAkQ+Ft2/:ty2lWTpGwr2WmGNyZkQ+Fs

Entry address:
0x19F2

Entry point:
33, C0, 50, 68, 36, 13, 40, 00, 50, 68, 98, 3A, 00, 00, 50, B8, 40, 1A, 40, 00, B8, 28, 1A, 40, 00, 68, 5E, 11, 40, 00, E8, 1F, 00, 00, 00, 68, 5E, 10, 40, 00, 50, E8, 1A, 00, 00, 00, FF, D0, 50, E8, 06, 00, 00, 00, FF, 25, 18, 20, 40, 00, FF, 25, 10, 20, 40, 00, FF, 25, 08, 20, 40, 00, FF, 25, 0C, 20, 40, 00, FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
7.5813

Code size:
3 KB (3,072 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to li254-151.members.linode.com  (173.255.244.151:80)

TCP (HTTP):
Connects to Lat.Level3.net  (4.68.80.110:80)

TCP (SMTP):
Connects to p3nlhg434c1434.shr.prod.phx3.secureserver.net  (50.63.97.1:25)

TCP (HTTP):
Connects to ec2-34-248-255-53.eu-west-1.compute.amazonaws.com  (34.248.255.53:80)

TCP (HTTP):
Connects to www.wiredsolutions.ca  (209.15.202.77:80)

TCP (HTTP):
Connects to generic170.mxout.managed.com  (70.34.34.93:80)

TCP (SMTP):
Connects to adtethicsline.com  (216.224.192.243:25)

TCP (SMTP):
Connects to www.waupacafoundry.com  (71.13.131.168:25)

TCP (SMTP):
Connects to www.cruzio.com  (63.249.93.172:25)

TCP (SMTP):
Connects to www.cintas-corp.com  (74.121.200.143:25)

TCP (HTTP):
Connects to whm5.100percenthost.net  (209.177.108.59:80)

TCP (HTTP):
Connects to web-portal-cdn.terra.com.br  (208.84.244.116:80)

TCP (HTTP):
Connects to w2.src.vip.gq1.yahoo.com  (98.137.236.150:80)

TCP (HTTP):
Connects to urlforward.topdns.com  (46.166.189.98:80)

TCP (HTTP):
Connects to surveyslive.com  (72.32.108.144:80)

TCP (HTTP):
Connects to spool.lnh.mail.rcn.net  (207.172.157.181:80)

TCP (HTTP):
Connects to sapo.pt  (213.13.146.142:80)

TCP (SMTP):
Connects to redir-bs.web.de  (82.165.229.87:25)

TCP (HTTP):
Connects to personal-www.metrocast.net  (65.175.128.188:80)

TCP (HTTP):
Connects to mx-rb.dreamwiz.com  (183.111.184.239:80)
