bots.exe

Bots Updater

The executable bots.exe has been detected as malware by 8 anti-virus scanners. This file is typically installed with the program Bots 1 by Zylon Gaming. While running, it connects to the Internet address server-52-85-77-159.lax3.r.cloudfront.net on port 443.

Product: Bots Updater
Version: 1.0.0.0
MD5: 6a6a09e4fb6dca8cac62b0875cb00951
SHA-1: 93b05beb5c2cfb553ba74d4e1a739966c467879f
SHA-256: f9f5720a520a84344f6758a8ff5bcd696b6bf092f099adb4b8753bc83c447a7b
Scanner detections: 8 / 68
Status: Malware
Analysis date: 11/24/2024 9:32:51 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1944346 | 537 |
| Bitdefender | Trojan.GenericKD.1944346 | 1.0.20.1145 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1944346 | 8.15.08.17.08 |
| F-Secure | Trojan.GenericKD.1944346 | 11.2015-17-08_2 |
| G Data | Trojan.GenericKD.1944346 | 15.8.24 |
| MicroWorld eScan | Trojan.GenericKD.1944346 | 16.0.0.687 |
| nProtect | Trojan.GenericKD.1944346 | 14.11.28.01 |
| Trend Micro House Call | TROJ_GEN.R0C1H09K214 | 7.2.229 |

File size: 175.5 KB (179,712 bytes)
Product version: 1.0.0.0
Copyright: Copyright © 2012
Original file name: BoutCheetahLauncher.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral

File PE Metadata
Compilation timestamp: 5/12/2012 10:06:47 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
.NET CLR dependent: Yes
CTPH (ssdeep): 3072:tUaHHS410iKu8gKS3tR0hk5TvRLTO/PXK8WGiCD71G7tk5aiShwha+I:e410iK6sheO/bWnQgk54sI
Entry address: 0x2C95E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy: 7.4377
Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 170.5 KB (174,592 bytes)

The file bots.exe has been discovered within the following program.

Bots 1  by Zylon Gaming
This is a casual video game for the PC distributed by Zylom, powered by GameHouse Europe. A free trial of the full version is available as a time-limited download. The game download requires the Zylom Games Player to be installed, which in some cases bundles additional software.
bots.zylongaming.com
About 2% of users remove it

The executing file has been seen to make the following network communications in live environments.

