bkavpro.exe

The executable bkavpro.exe has been flagged as malware by 7 of the 68 anti-virus scanners consulted. The file has been seen being downloaded from north.bkav.com.vn. While running, it connects to the Internet host static.vnpt.vn on port 80 over plain HTTP.

Before acting on the verdict, note what the detection table below actually shows: every one of the seven hits is the same generic signature (Gen:Variant.Strictor.96401, with Arcabit's Trojan.Strictor.D17891 being the same family under a different naming scheme), and Ad-Aware, Arcabit, Emsisoft, F-Secure, G Data and eScan all license the Bitdefender scanning engine. This is therefore effectively one engine's heuristic verdict, not seven independent ones. Taken together with the low 7/68 ratio and the download source (bkav.com.vn is the domain of the Vietnamese anti-virus vendor Bkav), the result is consistent with a generic heuristic firing on a legitimate installer just as much as with malware. Confirm that the copy you hold matches the hashes listed below, check whether it carries a valid Authenticode signature, and treat the network indicator as a lead rather than proof: plain-HTTP traffic to a content host is also what an ordinary software updater generates.
MD5:
1e327b9ef454e68f4afa1955160aa64b

SHA-1:
1d0e40913c961e6ceff7c953a9312046c7e0e2f0

SHA-256:
34351b27f2058436fb61277423220d934a6e595e79a3eb88f72fe093e59662dc

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/27/2024 7:40:52 AM UTC

Scan engine              Detection                     Engine version
Lavasoft Ad-Aware        Gen:Variant.Strictor.96401    400
Arcabit                  Trojan.Strictor.D17891        1.0.0.637
Bitdefender              Gen:Variant.Strictor.96401    1.0.20.5
Emsisoft Anti-Malware    Gen:Variant.Strictor.96401    8.16.01.01.07
F-Secure                 Gen:Variant.Strictor.96401    11.2016-01-01_6
G Data                   Gen:Variant.Strictor.96401    16.1.25
MicroWorld eScan         Gen:Variant.Strictor.96401    17.0.0.3

File size:
377 KB (386,048 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\bkavpro.exe

File PE Metadata
Compilation timestamp:
12/25/2015 7:07:03 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:u6I3L9p5LDfudK6Q+qY0ELVw/CDKaUn3pEgzOPYh:YEdKqqY0Eu/CDh6qgU2

Entry address:
0x14E56

Entry point:
E8, C1, 48, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, C0, 4C, 43, 00, 75, 02, F3, C3, E9, 43, 49, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, B5, 15, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, C4, 4E, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 90, 15, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, FD, 49, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0...

The opening bytes are the stock Visual C++ CRT entry stub: a call (E8) to __security_init_cookie, a jmp (E9) to the real CRT start-up routine, followed immediately by the __security_check_cookie body (3B 0D ... 75 02 F3 C3). That matches the linker version 9.0 (Visual Studio 2008) reported above and, together with the moderate entropy below, gives no sign of a packer or hand-written entry code.

Entropy:
5.7827

Code size:
156 KB (159,744 bytes)
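Every value in the hash, entropy and PE metadata sections above can be recomputed from a local copy of the file, which is the first thing to do before trusting a report for a sample you did not submit yourself. The script below is an added example, not part of the original report or of any Reason Core Security tooling: it hashes the file, computes byte-level Shannon entropy, and reads the compilation timestamp, OS version, bitness, subsystem, linker version, entry address and code size directly from the PE headers using the documented IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER offsets. The `build_sample_pe()` helper fabricates a minimal PE32 header carrying the report's header values so the parser can be exercised offline; it is a constructed stand-in, not the real bkavpro.exe, so its hashes will not match the report.

```python
import hashlib
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone
from typing import Dict

# Digests listed in the report above; used to check a local copy against it.
REPORT_HASHES = {
    "md5": "1e327b9ef454e68f4afa1955160aa64b",
    "sha1": "1d0e40913c961e6ceff7c953a9312046c7e0e2f0",
    "sha256": "34351b27f2058436fb61277423220d934a6e595e79a3eb88f72fe093e59662dc",
}

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 hex digests of the file contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only if all three digests equal the ones in the report."""
    return file_hashes(data) == REPORT_HASHES


def shannon_entropy(data: bytes) -> float:
    """Byte-level Shannon entropy in bits: 0.0 for a constant file, 8.0 for
    uniformly random bytes. Packed or encrypted PEs usually sit above ~7."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe_metadata(data: bytes) -> Dict[str, object]:
    """Read the header fields the report lists straight from the PE headers.
    The fields used here sit at the same offsets in PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, _nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70:
        raise ValueError("optional header too short")
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    bitness = {0x10B: "Win32", 0x20B: "Win64"}.get(magic)
    if bitness is None:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    code_size = struct.unpack_from("<I", data, opt + 4)[0]       # SizeOfCode
    entry = struct.unpack_from("<I", data, opt + 16)[0]          # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": bitness,
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "entry_address": f"0x{entry:X}",
        "code_size": code_size,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header (NOT the real bkavpro.exe) carrying the
    header values the report lists, so the parser can be exercised offline."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)         # e_lfanew: PE header follows the DOS header
    # IMAGE_FILE_HEADER: i386, 3 sections, TimeDateStamp = 2015-12-25 19:07:03 UTC
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 1451070423, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 9, 0)   # PE32 magic, linker 9.0
    struct.pack_into("<I", opt, 4, 159744)          # SizeOfCode
    struct.pack_into("<I", opt, 16, 0x14E56)        # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 0)          # OS version 5.0
    struct.pack_into("<H", opt, 68, 2)              # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def triage(data: bytes) -> Dict[str, object]:
    """Everything in the report that can be recomputed from the bytes."""
    return {
        "size": len(data),
        "hashes": file_hashes(data),
        "matches_report": matches_report(data),
        "entropy": round(shannon_entropy(data), 4),
        "pe": parse_pe_metadata(data),
    }


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")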

The file bkavpro.exe has been seen being distributed from north.bkav.com.vn; the full download URL is not recorded in this report.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to static.vnpt.vn  (123.30.245.64:80)
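The single network indicator above (host static.vnpt.vn, IP 123.30.245.64, TCP port 80) is the kind of thing to sweep a proxy log for, but it needs care: the host is a content server on a large ISP's domain and the same IP can front unrelated sites, so a match is a lead to investigate, not a verdict. The script below is an added example, not part of the original report: it parses access-log lines in Squid's native layout (time, elapsed, client, action/code, bytes, method, URL, ident, hierarchy/peer, type) and reports every client that either requested the indicator hostname (on any port, so a TLS variant is not missed) or was served by the indicator IP. The log lines are constructed for the example and are not real traffic; the report's own indicators are the only values taken from the page.

```python
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Indicators taken from the report above.
IOC_HOSTS = {"static.vnpt.vn"}
IOC_IPS = {"123.30.245.64"}
IOC_PORT = 80

# Constructed sample lines in Squid native access-log layout (not real traffic):
# time elapsed client action/code bytes method url ident hierarchy/peer type
SAMPLE_LOG = """\
1732693252.101   120 10.0.0.5 TCP_MISS/200 1024 GET http://static.vnpt.vn/bkav/update.xml - HIER_DIRECT/123.30.245.64 text/xml
1732693253.417    88 10.0.0.9 TCP_MISS/200 5120 GET http://example.org/index.html - HIER_DIRECT/93.184.216.34 text/html
1732693254.002   200 10.0.0.5 TCP_MISS/200 386048 GET http://cdn.example.net/bkavpro.exe - HIER_DIRECT/123.30.245.64 application/octet-stream
1732693255.330    40 10.0.0.7 TCP_HIT/200 2048 GET https://static.vnpt.vn:443/logo.png - HIER_NONE/- image/png
"""


def parse_squid_line(line: str) -> Optional[Dict[str, object]]:
    """Split one native-format line into the fields the sweep needs.
    Returns None for blank or malformed lines so one bad line does not abort the run."""
    parts = line.split()
    if len(parts) < 9:
        return None
    url = parts[6]
    u = urlsplit(url)
    if not u.hostname:
        return None
    # Explicit port wins; otherwise infer from the scheme.
    port = u.port or (443 if u.scheme == "https" else 80)
    peer = parts[8].split("/", 1)[1] if "/" in parts[8] else None
    return {"ts": parts[0], "client": parts[2], "host": u.hostname,
            "port": port, "peer_ip": peer, "url": url}


def find_ioc_hits(log_text: str) -> List[Dict[str, object]]:
    """Return one record per line that touches an indicator, naming which
    indicator matched and the destination port actually used."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        rec = parse_squid_line(line)
        if rec is None:
            continue
        matched = []
        if rec["host"] in IOC_HOSTS:
            matched.append(rec["host"])
        if rec["peer_ip"] in IOC_IPS:
            matched.append(rec["peer_ip"])
        if matched:
            hits.append({"line": lineno, "client": rec["client"], "indicators": matched,
                         "port": rec["port"], "port_as_reported": rec["port"] == IOC_PORT,
                         "url": rec["url"]})
    return hits


if __name__ == "__main__":
    for hit in find_ioc_hits(SAMPLE_LOG):
        print(hit)
```

A hit on the IP alone (third sample line, where a different hostname resolves to the indicator address) is the weakest of the three kinds and is exactly the case where shared hosting produces false positives; the `port_as_reported` flag separates traffic that looks like the report's observation from the TLS variant on the last line, which still deserves a look but is not what the sandbox saw.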

Report data powered by Reason Core Security.