bf877m2tw5uw3.exe

The application bf877m2tw5uw3.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. It runs as a Windows Task Scheduler task named v3q0gmcd, triggered daily at a fixed time. While running, it connects to the Internet host blob.am5prdstr07a.store.core.windows.net on port 443 (HTTPS).
Version:
0.0.0.0

MD5:
13d1eca8589608d7d59b3c85bac787d3

SHA-1:
9b7910d8b4b2e879317db241b147b32b0325a530

SHA-256:
d1e3d9bd6b98784791f54f8931d25eba48ce8ce39d04575cc2591c928a6f4246

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 4:27:55 AM UTC

Scan engine: detection, engine version

Agnitum Outpost: Trojan.DL.Crypted, engine 7.1.1
avast!: Win32:Dropper-gen [Drp], engine 151004-0
Baidu Antivirus: Adware.MSIL.Linkury, engine 4.0.3.151019
ESET NOD32: MSIL/Toolbar.Linkury.AG potentially unwanted application, engine 7.0.302.0
Fortinet FortiGate: W32/Crypted.AG!tr.dldr, engine 10/19/2015
G Data: Win32.Trojan.Agent.0TNRDK, engine 15.10.25
IKARUS anti.virus: PUA.MSIL.Toolbar, engine t3scan.1.9.5.0
Kaspersky: Trojan-Downloader.MSIL.Crypted, engine 15.0.0.543
Malwarebytes: PUP.Optional.Linkury, engine v2015.10.19.06
McAfee: Trojan.Artemis!13D1ECA85896, engine 18.0.204.0
NANO AntiVirus: Trojan.Win32.Crypted.dxwhzl, engine 0.30.26.3947
Panda Antivirus: Generic Suspicious, engine 15.10.19.06
Rising Antivirus: PE:Malware.RDM.32!5.26[F1], engine 23.00.65.151017
Sophos: Generic PUA JL (PUA), engine 4.98
SUPERAntiSpyware: PUP.Linkury/Variant, engine 9559

File size:
56.5 KB (57,856 bytes)

Product version:
0.0.0.0

Original file name:
uou.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\common files\llcifk2u\bf877m2tw5uw3.exe

File PE Metadata
Compilation timestamp:
10/6/2015 3:46:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:b9vA/ElCig95oYIvjqdZjtMWv0AlNsofCKr:bxhCiieCP0AfsofCKr

Entry address:
0xF74E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
54 KB (55,296 bytes)

Scheduled Task
Task name:
v3q0gmcd

Trigger:
Daily (Runs daily at 17:17)

The executable has been observed making the following network communication in live environments.

TCP (HTTP SSL):
Connects to blob.am5prdstr07a.store.core.windows.net  (13.95.96.184:443)

Remove bf877m2tw5uw3.exe - Powered by Reason Core Security