bibfacil6.exe

The executable bibfacil6.exe has been detected as malware by 7 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from mtg.com.br and multiple other hosts. While running, it connects to the Internet address orion05.locaweb.com.br on port 80 using the HTTP protocol.
MD5:
e01ab35ff28fd3b2e1b5986b31148af3

SHA-1:
1d9603a6dca3caf7b572a2942a3aa669019cedc6

SHA-256:
6c38300b496bc6dd37c05ba1aa22d0b583d7ecb4299cf77594d22dbb8a0039ef

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/15/2024 8:52:31 AM UTC

Scan engine         Detection                       Engine version
Agnitum Outpost     Packed/PC-Guard                 7.1.1
Bkav FE             HW32.Packed                     1.3.0.7717
Comodo Security     Heur.Packed.MultiPacked         24371
Dr.Web              Trojan.Packed.Based             9.0.1.062
IKARUS anti.virus   Trojan-PWS.SuspectCRC           t3scan.2.0.8.0
McAfee              Artemis!E01AB35FF28F            5600.6473
Rising Antivirus    PE:Malware.XPACK/RDM!5.1 [F]    23.00.65.16229

File size:
3.3 MB (3,410,432 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
3/4/2010 11:00:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:xgzITP0UOx7A9Q5aur9KHUvU9kMvwxx0qoTDdX6teqmQKWVcsKwXXaGoG0khbBv:xgzsq6YvokvxSREeqmtcqGV9d

Entry address:
0x881000

Entry point:
FC, 55, 50, E8, 00, 00, 00, 00, 5D, 60, E8, 03, 00, 00, 00, 83, EB, 0E, EB, 01, 0C, 58, EB, 01, 35, 40, EB, 01, 36, FF, E0, 0B, 61, B8, 7C, BB, 41, 00, EB, 01, E3, 60, E8, 03, 00, 00, 00, D2, EB, 0B, 58, EB, 01, 48, 40, EB, 01, 35, FF, E0, E7, 61, 2B, E8, 9C, EB, 01, D5, 9D, EB, 01, 0B, 58, 60, E8, 03, 00, 00, 00, 83, EB, 0E, EB, 01, 0C, 58, EB, 01, 35, 40, EB, 01, 36, FF, E0, 0B, 61, 89, 85, 10, 5C, 43, 00, 9C, EB, 01, D5, 9D, EB, 01, 0B, 58, EB, 01, E3, 60, E8, 03, 00, 00, 00, D2, EB, 0B, 58, EB, 01, 48...

Packer / compiler:
PC Guard for Win32 v5.00

Code size:
5.6 MB (5,837,824 bytes)

The file bibfacil6.exe has been seen being distributed by the following 2 URLs.

http://mtg.com.br/software/.../Bibfacil6.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to orion05.locaweb.com.br (191.252.4.25:80)

Powered by Reason Core Security