BluPro.exe

BluPro

BKAV

The executable BluPro.exe, “BkavPro Liveupdate” has been detected as malware by 15 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘BLuPro’. While running, it connects to the Internet address static.vnpt.vn on port 80 using the HTTP protocol.
Publisher:
BKAV

Product:
BluPro

Description:
BkavPro Liveupdate

Version:
1, 0, 0, 1

MD5:
eeabe8dd121afca3d45e8eba14ae655b

SHA-1:
bcad096687fa4edda5eeceeb607a3178a537705c

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
12/27/2024 11:02:43 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Scar
7.1.1

AVG
SHeur4
2017.0.2757

Comodo Security
Heur.Suspicious
21344

Fortinet FortiGate
W32/Dx.SDV!tr
4/30/2016

F-Prot
W32/MalwareS.ARJY
v6.4.7.1.166

IKARUS anti.virus
Trojan.Win32.Scar
t3scan.1.8.6.0

McAfee
Artemis!EEABE8DD121A
5600.6413

NANO AntiVirus
Trojan.Win32.Scar.tnokw
0.30.0.296

Norman
Suspicious_Gen4.BOBUS
11.20160430

nProtect
Trojan/W32.Scar.274502
15.03.06.01

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_GEN.R047C0VBB15
7.2.121

Trend Micro
TROJ_GEN.R047C0VBB15
10.465.30

VIPRE Antivirus
Trojan.Win32.Generic
38256

Zillya! Antivirus
Trojan.Scar.Win32.73432
2.0.0.2091

File size:
268.1 KB (274,502 bytes)

Product version:
1, 0, 0, 1

Copyright:
© Bkav. All rights reserved.

Original file name:
BluPro.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\blupro\blupro.exe

File PE Metadata
Compilation timestamp:
12/23/2009 2:10:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:iJc5P7hJKjhJktxPX4Jd5GT6Ik7P1Q4ud5rPB8Ia46eTH/+lmIm:i6XtPX4JGmPZud5rPS146eTH/N

Entry address:
0x12A20

Entry point:
55, 8B, EC, 6A, FF, 68, 18, 75, 43, 00, 68, 60, 0B, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, C4, A4, 53, 56, 57, 89, 65, E8, FF, 15, 78, F5, 43, 00, A3, DC, D3, 43, 00, A1, DC, D3, 43, 00, C1, E8, 08, 25, FF, 00, 00, 00, A3, E8, D3, 43, 00, 8B, 0D, DC, D3, 43, 00, 81, E1, FF, 00, 00, 00, 89, 0D, E4, D3, 43, 00, 8B, 15, E4, D3, 43, 00, C1, E2, 08, 03, 15, E8, D3, 43, 00, 89, 15, E0, D3, 43, 00, A1, DC, D3, 43, 00, C1, E8, 10, 25, FF, FF, 00, 00, A3, DC, D3, 43, 00, 6A, 00, E8, FD...
 
[+]

Entropy:
4.2671

Developed / compiled with:
Microsoft Visual C++

Code size:
216 KB (221,184 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BLuPro

Command:
C:\Program Files\blupro\blupro.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to static.vnpt.vn  (123.30.245.68:80)

Remove BluPro.exe - Powered by Reason Core Security