bdf515508.exe

The executable bdf515508.exe has been detected as malware by 33 anti-virus scanners. It is configured to execute automatically when any user logs into Windows (through the local user Run registry setting) under the name ‘508b43c’. The file has been seen being downloaded from galerie-contini.net.
MD5:
2d1253e4875b1de61b053d4b16a18dd9

SHA-1:
3bcd8ecbcb5ce12b24aaaa24a5fc4836f8745c72

SHA-256:
2082cf585fce4be7a966a0bdc876fbba3c00666daabf641e86dd65826d060243

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
11/27/2024 1:16:09 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.303879 | 463
Agnitum Outpost | Trojan.Agent | 7.1.1
AhnLab V3 Security | Win-Trojan/Utanioz.Gen | 2015.03.06
Avira AntiVirus | TR/Kazy.303879 | 7.11.213.230
avast! | Win32:Downloader-UQU [Trj] | 2014.9-151030
AVG | Generic35 | 2016.0.2941
Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.151030
Bitdefender | Gen:Variant.Kazy.303879 | 1.0.20.1515
Bkav FE | W32.VariantUtaniozC.Trojan | 1.3.0.6379
Comodo Security | UnclassifiedMalware | 21301
Emsisoft Anti-Malware | Gen:Variant.Kazy.303879 | 8.15.10.30.03
ESET NOD32 | Win32/Injector.ASIU | 9.11273
Fortinet FortiGate | W32/Agent.ASIU!tr | 10/30/2015
F-Secure | Gen:Variant.Kazy.303879 | 11.2015-30-10_6
G Data | Gen:Variant.Kazy.303879 | 15.10.25
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.6.0
K7 AntiVirus | Trojan | 13.200.15170
Kaspersky | Trojan.Win32.Agent | 14.0.0.1199
Malwarebytes | Trojan.Agent | v2015.10.30.03
McAfee | Artemis!2D1253E4875B | 5600.6597
Microsoft Security Essentials | VirTool:Win32/Injector.gen!DD | 1.1.11400.0
MicroWorld eScan | Gen:Variant.Kazy.303879 | 16.0.0.909
NANO AntiVirus | Trojan.Win32.Kazy.cqivnv | 0.30.0.296
Norman | Suspicious_Gen5.AJIMT | 11.20151030
Panda Antivirus | Trj/Genetic.gen | 15.10.30.03
Qihoo 360 Security | Win32/Trojan.cb3 | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 15.10.30.3
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.R08NC0EJB14 | 7.2.303
Trend Micro | TROJ_GEN.R08NC0EJB14 | 10.465.30
Vba32 AntiVirus | Backdoor.ZAccess | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 38142
Zillya! Antivirus | Trojan.Agentb.Win32.3157 | 2.0.0.2088

File size:
1.5 MB (1,530,368 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\Music\bdf515508\bdf515508.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.62

CTPH (ssdeep):
24576:FtgvO4ZXuollULGrYRantoeEa5sXwPQ0sT3wutyJFdILo1Wuvvslb+5S+53NHncs:YW5ollTcRantoCY0sTAutOFdyOWuvvsM

Entry address:
0x84E2D0

Entry point:
60, BE, 15, C0, B1, 00, 8D, BE, EB, 4F, 8E, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Entropy:
7.3839

Packer / compiler:
UPX 2.90LZMA

Code size:
1.2 MB (1,257,472 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
508b43c

Command:
C:\users\{user}\Music\bdf515508\bdf515508.exe


The file bdf515508.exe has been seen being distributed by the following URL.

Remove bdf515508.exe - Powered by Reason Core Security