blur.exe

It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from doc-04-9k-docs.googleusercontent.com.
MD5:
627752d5dc91bc0d00249f3a23980699

SHA-1:
ce21ca07a97a74956a06c0599f614fb73a048e45

SHA-256:
7ef92b57bfd8741cf3de44225e3586c99d7365d7e212b86b3229fbb7d99deee9

Scanner detections:
7 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/29/2024 12:03:02 AM UTC

Scan engine         Detection                   Engine version
AVG                 Win32/Heur                  2015.0.3558
Bkav FE             W32.HfsAutoFA               1.3.0.4924
IKARUS anti.virus   Virus.Win32.Heur            t3scan.2.2.29
K7 AntiVirus        Virus                       13.176.11193
Rising Antivirus    PE:Malware.XPACK/RDM!5.1    23.00.65.14217
Sophos              Mal/Zbot-HX                 4.97
VIPRE Antivirus     Trojan.Win32.Generic        26566

File size:
27.2 MB (28,509,184 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\black_box\blur (tm)\blur.exe

File PE Metadata
Compilation timestamp:
10/24/2015 7:01:30 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:yCJDzAMB5g05JunebqdyZ64ILQPkYAPplC:yCJXNkrytILbYU

Entry address:
0x1B70000

Entry point:
60, 9C, B8, 01, 00, 00, 00, 0F, A2, 83, E0, DF, BB, 00, 11, F7, 01, 8A, C8, 33, C0, 81, 2C, 18, 00, 01, F7, 01, D3, 04, 18, 83, C0, 04, 83, 3C, 18, 00, 75, ED, 64, A1, 18, 00, 00, 00, 8B, 40, 20, 35, 42, 9F, A1, 3E, A3, F8, 4C, F7, 01, B8, 01, 00, 00, 00, 0F, A2, 83, E0, DF, 05, 1E, 27, 38, 00, A3, E8, 4C, F7, 01, E9, 17, 00, 00, 00, 68, 00, 00, 00, 00, E8, 65, 6B, 6A, FF, 83, C4, 08, A1, 60, F4, B0, 01, A3, 60, F4, B0, 01, 83, EC, 10, 64, A1, 18, 00, 00, 00, 8B, 40, 20, 35, D3, 3F, EA, 19, 50, E8, 08, 00...

Entropy:
6.6873

Code size:
10.3 MB (10,814,464 bytes)

Scheduled Task
Task name:
{19B84038-33E6-4F5A-80E8-EFB32ED30A54}

Trigger:
Registration (Runs on registration)


The file blur.exe has been discovered within the following programs.

Blur (TM)  by gGamez, Inc.
www.ggamez.com.com
About 7% of users remove it
Blur(TM)  by Activision
Blur is an arcade racing video game for Microsoft Windows published by Activision in North America and Europe. It features a racing style that incorporates real world cars and locales with arcade style handling and vehicular combat.
www.activision.com/atvihub/home.do
11% remove it
MotoGP 08  by CAPCOM
Publisher's description - “Experience all the thrills and excitement of the premier motorcycle racing championship with the only official game of the MotoGP series. Race as one of the legends or race as yourself. MotoGP 08 is packed with all the tracks, riders and motorcycles from the 2008 racing season.”
www.capcom.com
8% remove it
Powered by Should I Remove It?

The file blur.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.


Scan blur.exe - Powered by Reason Core Security