dbb92.exe

BDE MSM Configuration Utility

The executable dbb92.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address 213.202.229.103.static.rdns-uclo.net on port 80 using the HTTP protocol.
Publisher:

Product:
BDE MSM Configuration Utility

Description:
File folder

Version:
1.00

MD5:
2ac259cf1de5cfec6567867eae6d2f2b

SHA-1:
b45ff2213de7cab39f150adc5fa05da6431d7afe

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 3:55:07 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Generic

Engine version:
17.2.16.5

File size:
712 KB (729,088 bytes)

Product version:
1.00

Original file name:
BDEMMCFG

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\dbb92.exe

File PE Metadata
Compilation timestamp:
11/19/2016 2:59:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x3584


Entropy:
4.7866

Code size:
192 KB (196,608 bytes)

Windows Firewall Allowed Program
Name:
c:\windows\dbb92.exe
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static-139-235-132-188.sadecehosting.net  (188.132.235.139:80)

TCP (HTTP):
Connects to 5-61-24-196.nrp.co  (5.61.24.196:80)

TCP (HTTP):
Connects to custip-1109.sedoparking.com  (91.195.240.109:80)

TCP (HTTP):
Connects to 213.202.229.103.static.rdns-uclo.net  (213.202.229.103:80)

TCP (HTTP):
Connects to e.13.c1ad.ip4.static.sl-reverse.com  (173.193.19.14:80)

TCP (HTTP):
Connects to fm.interiowo.pl  (217.74.66.160:80)

Remove dbb92.exe - Powered by Reason Core Security