compatibility.exe

M/s Tech AnB

The application compatibility.exe by M/s Tech AnB has been detected as adware by 5 anti-malware scanners. It is a setup program used to install the application. It is a trojan bot that uses IRC to communicate with a command-and-control network. The trojan drops other malicious software, opens a backdoor on the infected computer, and runs automatically on each boot. It is typically executed from the user's temporary directory. The file has been seen being downloaded from downloads.doubleoptmedia.com.
Publisher:
M/s Tech AnB  (signed and verified)

MD5:
2b50d93724dec7761bbb5119efca7bdb

SHA-1:
4fb1d008e40c421c37bd5803fb62cda46c6b51cb

SHA-256:
e08fb9e1d1800b853e70ef0ef9e77558ddefbbb0ad9f86409e3cbaedd3ff5d39

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Part of a backdoor IRC bot network.

Analysis date:
1/13/2025 3:54:22 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Reason Heuristics | PUP.MsTechAnB.N | 14.3.13.0 |
| Rising Antivirus | PE:Malware.XPACK/RDM!5.1 | 23.00.65.14310 |
| Trend Micro House Call | TROJ_GEN.F47V0311 | 7.2.71 |
| VIPRE Antivirus | Backdoor.Win32.Ircbot.gen | 27288 |
| XVirus List | Win.Detected | 2.3.31 |

File size:
1.2 MB (1,209,984 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\compatibility.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/10/2014 3:00:00 AM

Valid to:
2/11/2015 2:59:59 AM

Subject:
CN=M/s Tech AnB, O=M/s Tech AnB, STREET="Plot No. F-125,", STREET="Sector 74,", STREET="Industrial Area, Phase 8B", L=Mohali, S=Punjab, PostalCode=160071, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C12161D8036677E0A09B9580299D979F

File PE Metadata
Compilation timestamp:
3/10/2014 6:16:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:xn7k2HQj4Hgd4wGCFx9xBXigM2GxVyA9rUoEB+MnBDZ:xXfA2wGaDBXigluFBABDZ

Entry address:
0x30E000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, D0, 11, 00, 2D, FF, 91, 0A, 10, 05, F4, 91, 0A, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 00, 7E, F0, 5F, 68, D1, 21, 3A, 3B, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 42, BF, 37, 6B, 67, 1A, 45, 12, 3A, 87, AC, 17, 5A, 6B...
 

Entropy:
7.9456  (probably packed)

Code size:
42 KB (43,008 bytes)

The file compatibility.exe has been seen being distributed by the following URL.
