brutusa2.exe

Brutus - AET2

HooBie Inc.

The application brutusa2.exe has been detected as a potentially unwanted program by 29 anti-malware scanners. This file is typically installed with the program Brutus - AET2 by HooBie Inc. The file has been seen being downloaded from s5863.chomikuj.pl and multiple other hosts. While running, it connects to the Internet address home.ustc.edu.cn on port 21.

Publisher: HooBie Inc.
Product: Brutus - AET2
Description: Brutus AET 2
Version: 1.0.0.0
MD5: d6066d187be09b56d917ad3aa63e4874
SHA-1: b3a44f9cad31ab32342b8ec277cef80d902000c5
SHA-256: 49a3e574080a63b1a24980b3a775a82b5a9f7c269318662f5bbebcf21f8cefe4
Scanner detections: 29 / 68
Status: Potentially unwanted
Analysis date: 11/18/2024 2:37:46 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Brutus.A | 1115 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| Avira AntiVirus | SPR/Tool.Brutus.A.5 | 7.11.125.36 |
| avast! | Win32:PSWtool-AL [PUP] | 2014.9-140115 |
| Baidu Antivirus | Malware.Win32.HackTool | 4.0.3.14115 |
| Bitdefender | Application.Brutus.A | 1.0.20.75 |
| Bkav FE | W32.Clodc8a.Trojan | 1.3.0.4613 |
| Comodo Security | ApplicUnsaf.Win32.PSWTool.Brutus | 17611 |
| Dr.Web | Tool.BrutusPWS | 9.0.1.015 |
| ESET NOD32 | Win32/PSWTool.Brutus | 8.9290 |
| Fortinet FortiGate | Riskware/PWCrack | 1/15/2014 |
| F-Prot | W32/HackTool.AKL | v6.4.7.1.166 |
| F-Secure | Application.Brutus.A | 11.2014-15-01_4 |
| G Data | Application.Brutus | 14.1.24 |
| K7 AntiVirus | Trojan | 13.175.10837 |
| Kaspersky | not-a-virus:PSWTool.Win32.Brutus | 14.0.0.4462 |
| Malwarebytes | HackTool.Brutus | v2014.01.15.01 |
| McAfee | PWCrack-Brutus | 5600.7249 |
| MicroWorld eScan | Application.Brutus.A | 15.0.0.45 |
| NANO AntiVirus | Riskware.Win32.Brutus.gett | 0.28.0.57029 |
| Norman | Suspicious_Gen2.WUTF | 11.20140115 |
| nProtect | Abuse-Worry/W32.PWCrack.679424 | 14.01.14.02 |
| Panda Antivirus | Application/Brutus.A | 14.01.15.01 |
| Quick Heal | HackTool.Agent.nf (Not a Virus) | 1.14.12.00 |
| Sophos | Brutus | 4.96 |
| Trend Micro House Call | HKTL_BRUTUS | 7.2.15 |
| Trend Micro | HKTL_BRUTUS | 10.465.15 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25432 |
| ViRobot | PSWTool.Brutus.679424 | 2011.4.7.4223 |

File size: 663.5 KB (679,424 bytes)
Product version: 1.0.0.0
Copyright: 1998,1999,2000 Hoobie Inc
File type: Executable application (Win32 EXE)
Language: English (United Kingdom)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\brutusa2.exe

File PE Metadata

Compilation timestamp: 6/20/1992 1:22:17 AM
OS version: 1.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 12288:UY53nlwVADVh/D66IEDcIyEZsEFMC4Axk0I8WysXODyC:hlw0GBIPYA0HXN
Entry address: 0x88E50

Entry point:
55, 8B, EC, 83, C4, F4, 53, B8, 58, 8C, 48, 00, E8, 37, DB, F7, FF, 8B, 1D, 54, A0, 48, 00, 8B, 03, E8, 82, 4E, FC, FF, 8B, 03, BA, 50, 8F, 48, 00, E8, 7A, 4A, FC, FF, 8B, 0D, 40, A1, 48, 00, 8B, 03, 8B, 15, 18, 11, 47, 00, E8, 7B, 4E, FC, FF, 8B, 0D, 10, 9F, 48, 00, 8B, 03, 8B, 15, FC, 85, 48, 00, E8, 68, 4E, FC, FF, 8B, 0D, 50, 9E, 48, 00, 8B, 03, 8B, 15, 70, 26, 48, 00, E8, 55, 4E, FC, FF, 8B, 0D, 80, 9E, 48, 00, 8B, 03, 8B, 15, E0, 4E, 48, 00, E8, 42, 4E, FC, FF, 8B, 0D, 94, A1, 48, 00, 8B, 03, 8B, 15...

Entropy: 6.6156
Developed / compiled with: Microsoft Visual C++
Code size: 544 KB (557,056 bytes)

The file brutusa2.exe has been discovered within the following program.

Brutus - AET2  by HooBie Inc.
About 1% of users remove it

The file brutusa2.exe has been seen being distributed by the following 3 URLs.

http://s5863.chomikuj.pl/File.aspx?e=d4Eqcn3aBhejSzSEtw-85pg4el2uC3ncRa7ID5AFrhvTU5w76ioCndG27wZmmEd-7fCElbpdWjPvqr1b9n2WX9ns3bsXYY6Wr5K_mbt1jHDXlMWvbpaRmB0lFEKj7ylI2jrlgCEL_W4LVzRJl9lijQ&pv=2

The executing file has been seen to make the following network communication in live environments.

TCP (FTP):
Connects to home.ustc.edu.cn  (202.38.64.10:21)
