budzik104.exe

BLITZ-ART

The executable budzik104.exe, “Budzik”, has been detected as malware by 10 anti-virus scanners. The program is a setup application built with the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.blitz-art.com.
Publisher:
BLITZ-ART

Description:
Budzik

Version:
1.04

MD5:
42163ccdac512179dc21bf4580ccb7d3

SHA-1:
71d597490b51b305e25fe10e177bd04b28a6a61d

SHA-256:
66ec7e1d0af287763dff2de5403d8d4baeab706624a9e8680d2950e85ccdcad9

Scanner detections:
10 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/17/2024 5:35:17 PM UTC

Scan engine
Detection
Engine version

avast!
Win32:Kukacka
160326-0

AVG
Win32/Sality
2015.0.4355

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
11.5.0.6191

ESET NOD32
Win32/Sality.NBA virus
7.0.302.0

F-Prot
W32/Sality.gen2
4.6.5.141

Kaspersky
Virus.Win32.Sality
15.0.0.562

McAfee
Virus.W32/Sality.gen.z
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.217.1672.0

Norman
Win32.Sality.3
10.04.2016 15:29:17

File size:
756.8 KB (774,965 bytes)

Copyright:
BLITZ-ART

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
English (United States)

Common path:
C:\documents and settings\administrator\moje dokumenty\downloads\budzik104.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:fmkOy2kk4chttLaU/aL4T5Y4ETkj+ODXYtH7npci/QvDkfyT+exPx7t8CuB/dfav:ffOypk4cDZaKC4Eq0tH7WXvDkfypx5Gq

Entry address:
0x98D8

Entry point:
60, 8A, CA, 8D, 35, 81, 74, F2, B8, 0D, 10, D6, 51, DF, 33, E8, 88, DD, 85, F7, 3B, F6, 71, 03, 0F, B7, DD, BE, FB, D9, A0, 5F, 87, CF, 03, C5, 31, CA, E8, AA, 00, 00, 00, 6B, F6, 00, 01, D3, 87, C7, 85, CB, 8D, 2D, 9E, 63, BD, D7, C7, C1, BE, 07, 09, 41, 35, 3F, 64, CA, 9A, 8D, 05, 25, AF, 47, 6F, F7, C6, A3, 2F, 4A, F0, EB, 02, 2B, C2, 28, C8, 89, C5, 6B, D2, 00, 8A, C5, C6, C0, 94, 8B, C2, 81, CA, 76, FC, FF, FF, 80, CC, 22, 81, C2, F0, 04, 00, 00, 0F, BE, C7, 33, EB, F6, C6, B9, 52, 20, E8, 8D, 3D, C5...

Code size:
36 KB (36,864 bytes)

The file budzik104.exe has been seen being distributed by the following URL.

Remove budzik104.exe - Powered by Reason Core Security