clash farmer bot.exe

The executable clash farmer bot.exe has been detected as malware by 35 anti-virus scanners. This virus, which infects .exe files, stops various security software and prevents some core Windows utilities from running. It also tries to download other files, including other malware, from a remote server.
MD5:
b2f1ac1eca8115391ac201cc1bd5fe80

SHA-1:
770b4edb638271da0911e7cf085cd8cdea5693dc

SHA-256:
8eeadf66d31e4d4a4e441aef2791b91fcd90124e04fedbcc9fbb5ff2effae919

Scanner detections:
35 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/23/2024 3:30:00 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Sality.3 | 440
Agnitum Outpost | Win32.Sality.BL | 7.1.1
AhnLab V3 Security | Win32/Kashu.E | 2015.11.07
Avira AntiVirus | W32/Sality.AT | 8.3.2.2
Arcabit | Win32.Sality.3 | 1.0.0.590
avast! | Win32:SaliCode | 2014.9-151121
AVG | Win32/Sality | 2016.0.2918
Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.151121
Bitdefender | Win32.Sality.3 | 1.0.20.1625
Comodo Security | Virus.Win32.Sality.gen | 23541
Dr.Web | Win32.Sector.22 | 9.0.1.0325
Emsisoft Anti-Malware | Win32.Sality | 8.15.11.21.10
ESET NOD32 | Win32/Sality.NBA | 9.12527
F-Prot | W32/Sality.gen2 | v6.4.7.1.166
F-Secure | Win32.Sality.3 | 11.2015-21-11_7
G Data | Win32.Sality | 15.11.25
IKARUS anti.virus | Trojan.Strictor | t3scan.1.9.5.0
K7 AntiVirus | Virus | 13.212.17776
Kaspersky | Virus.Win32.Sality | 14.0.0.1085
McAfee | W32/Sality.gen.z | 5600.6574
Microsoft Security Essentials | Virus:Win32/Sality.AT | 1.1.12205.0
MicroWorld eScan | Win32.Sality.3 | 16.0.0.975
NANO AntiVirus | Virus.Win32.Sality.beygb | 0.30.26.4437
nProtect | Virus/W32.Sality.D | 15.11.06.01
Panda Antivirus | W32/Sality.AA | 15.11.21.10
Qihoo 360 Security | Virus.Win32.Sality.I | 1.0.0.1077
Quick Heal | W32.Sality.U | 11.15.14.00
Rising Antivirus | PE:Virus.Sality!1.A09C [F] | 23.00.65.151119
Sophos | Generic PUA PC (PUA) | 4.98
Total Defense | Win32/Sality.AA | 37.1.62.1
Trend Micro House Call | PE_SALITY.RL | 7.2.325
Trend Micro | PE_SALITY.RL | 10.465.21
Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.4
VIPRE Antivirus | Virus.Win32.Sality.at | 45044
ViRobot | Win32.Sality.Gen.A[h] | 2014.3.20.0

File size:
7 MB (7,367,270 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\compressed\clash farmer bot.exe

File PE Metadata
Compilation timestamp:
3/31/2007 6:09:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:IjUpsH+YPc0hgYNn71NhxuwVUA0X5srEwz5ehUh:Iopq+ggW7rVUA0irEwz5Fh

Entry address:
0x312E

Entry point:
84, CB, 0F, AF, EB, 8B, DA, 20, EC, 69, C7, 32, 6C, 3C, F4, 52, 75, 02, FF, C5, 81, E3, B8, A0, 70, A8, F2, 2D, 3D, 85, 7E, 75, 84, E8, E8, 00, 00, 00, 00, 5F, 87, C5, 0F, BE, D9, 4B, B8, FF, D1, 62, 55, 87, F3, 85, C8, 22, D2, 81, C7, 5D, 22, 02, 00, 12, E7, 81, C7, E9, A6, 00, 00, 0D, 1B, F1, B7, F4, 72, 07, 85, D1, 0D, 46, 67, 5A, FD, 0F, AF, CB, 0F, AF, D3, 1C, B7, F6, C6, DE, 87, F6, 8A, D3, FF, CD, 38, EC, 86, C0, 48, 57, 0F, BF, CA, 0F, AF, F5, 11, C1, 25, 28, A3, 3E, 4B, 8A, C7, 69, D6, 7C, A9, BD...
 

Entropy:
7.9996 (probably packed)

Code size:
22.5 KB (23,040 bytes)
