elfbot-4.5.9.exe

ElfBot NG

NGSoft, LLC

The executable elfbot-4.5.9.exe, “ElfBot NG Setup ” has been detected as malware by 14 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from s8375.chomikuj.pl and multiple other hosts.
Publisher:
NGSoft, LLC

Product:
ElfBot NG

Description:
ElfBot NG Setup

MD5:
7282aa8e4e4453fbc07eb242ffec532f

SHA-1:
a313939b89bfa7c76fedd60df4cd4c8f881e227a

SHA-256:
8c0fe8e8dfa50aa4878d363ec8af50622880ffc2b397f0770c8f33be99cf4f4f

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
11/23/2024 2:49:05 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic33
2015.0.3434

Bkav FE
W32.Clod4ca.Trojan
1.3.0.4959

Dr.Web
Trojan.Siggen5.3991
9.0.1.0174

F-Prot
W32/MalwareF.MUBX
v6.4.7.1.166

McAfee
Artemis!7282AA8E4E44
5600.7090

NANO AntiVirus
Trojan.Win32.Siggen5.csrmgq
0.28.0.60253

Norman
Troj_Generic.ICKO
11.20140623

nProtect
Trojan/W32.Buzus.2110837
14.06.22.01

Rising Antivirus
PE:Trojan.Win32.Generic.12403122!306196770
23.00.65.14621

Sophos
Mal/Generic-S
4.98

Vba32 AntiVirus
TrojanDownloader.Dadobra
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
30532

ViRobot
Backdoor.Win32.A.Hupigon.2110837
2011.4.7.4223

XVirus List
Win32.Detected
2.6.23

File size:
2 MB (2,110,837 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\elfbot-4.5.9.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:52:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:/2Zg9mahmfDz9mPNmnKyqbuyWtKgjJjvoJXM:ej3fdMvHCyWt/dQJc

Entry address:
0x9B24

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, A2, 95, FF, FF, E8, A9, A7, FF, FF, E8, D4, C9, FF, FF, E8, 1B, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, DB, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, A4, A1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 04, D0, FF, FF, 8B, 55, F0, B8, EC, CD, 40, 00, E8, 53, 96, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, EC, CD, 40, 00, B2, 01, B8...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file elfbot-4.5.9.exe has been seen being distributed by the following 50 URLs.

http://s8375.chomikuj.pl/File.aspx?e=pLlCdVNWMxx15sFWjy7Mm-IN-B_yvmh4C1OPtHGML37m7XOXjsfo1f921hAi-hZ4NuXho_oA2APD5HTasJ0s2HvLBvrDAbxOnyHrlO9lvFWFJ5i-FOJd0bdPbpyUl2YsqPZpAPPmpL2ZwmaTGkDplQ&pv=2

http://fileshare1280.depositfiles.org/auth-14876058731979a50cf3438d3f448c08-201.40.214.176-115867857-113662743-guest/.../ElfBot-4.5.9.exe

http://download885.mediafire.com/321imx30egjg/.../setup-4.5.9.exe

http://download730.mediafire.com/kpabcq2fin8g/.../ElfBot-4.5.9.exe

http://dc344.4shared.com/download/.../ElfBot-459.exe

http://s8375.chomikuj.pl/File.aspx?e=pLlCdVNWMxx15sFWjy7Mm-IN-B_yvmh4C1OPtHGML34ewuDgN0zNC4jT2QsyFpw8Mds3UTVFojJcpgULSGMEzrC5X0UrQdmTQ9W4F6Ms_VmL9YhSMxBMvtwjIkhjp0hLQT41fDPedt6lkpp0yD3CNg&pv=2

http://fileshare1280.depositfiles.org/auth-14816488898428e099c384e6d096f80f-200.138.249.141-63333012-113662743-guest/.../ElfBot-4.5.9.exe

http://fileshare1280.depositfiles.org/auth-14481041937edca908bba0e6bc87546c-181.213.59.44-2362799368-113662743-guest/.../ElfBot-4.5.9.exe

http://fileshare1280.depositfiles.org/auth-1470859529505fcc6faa2d4e167a2ba1-189.4.75.116-2646253881-113662743-guest/.../ElfBot-4.5.9.exe

http://download1616.mediafire.com/u9ueynnmaq3g/.../setup-4.5.9.exe

http://s8375.chomikuj.pl/File.aspx?e=pLlCdVNWMxx15sFWjy7Mmz3aZGLH_UMtp0y8MvkGA1sB8g8DX_ICXLX7-pzagn49czhCvZdeND41a_UdQh6f2YhCAzgE_fOhC65wAFSrWovKDNXovZ2gdwY4ixLpBJQ2awE35vaR_Kss3zIlr_7-Ew&pv=2

http://download2063.mediafire.com/b4h567qbi5rg/.../setup-4.5.9.exe

http://poczta10.o2.pl/?cmd=getpart&link=wVvfwLkk3HfRcHlySAtPzbaODNAN2OtLTPsczNohWaZjSMeP3OxPTPwPjN6eDNVhnYwjzMwcDORczMJ83bwjDNRNjNwNDOJ8jNZjTMJ8DbadiMs8CMslz02s6CGi00RDMyAGlPXZYbCcaajLVKSOfBGeVkQGlFmbYBAekRDAskQGERDAoOzNAbTOZkQGiRDAsNTMkezM2kRGkRDAsMDOAMTMAkTGRRDAsMTMkJDMAJjMpVDMZgzM6gTMZkRGoRHAt7jcsfBAAXAGlZGbpFlbYBHeZkTGsRDAoOzNAbzMVkTGwRDAsMDOAMzN6kRGwRANkDCIi01AAwzAAlPXZYbCcaajLVKSOfBGeVk

http://download1609.mediafire.com/mimelsud3zwg/.../setup-4.5.9.exe

http://download1402.mediafire.com/zlj2e5xtlcsg/.../setup-4.5.9.exe

http://download14.mediafire.com/61x3tdao5btg/.../setup-4.5.9.exe

http://fileshare1280.depositfiles.org/auth-14731986165c4fc5e100f039d1334edf-187.62.7.161-2674165368-113662743-guest/.../ElfBot-4.5.9.exe

http://download14.mediafire.com/3amla8kiufpg/.../ElfBot-4.5.9.exe

https://nowy.tlen.pl/api/v2/mails/messages/10001-a54bfb82d9740631814c1490/.../1.2

ftp://192.168.1.15:3721/.../ElfBot-4.5.9.exe

http://download2063.mediafire.com/3hvjjxazx7cg/.../setup-4.5.9.exe

http://poczta.o2.pl/?cmd=getpart&link=yLMBQAkWsxpTUl02gSAtPzbabDMwf2OtLTPVOjMAhWaZjSMeP3OxPTPsNTMoMjMAhnYwjjMoNDM6PzNJ83bwjjM6fjMRPjMJ8jNZjTMJ8DbadiMs8CMskwAikHAxBHdUMTLZKSNefmLUeQZk

http://fileshare1280.depositfiles.org/auth-146110158795eec493f74b1b13761952-177.192.137.31-2538072435-113662743-guest/.../ElfBot-4.5.9.exe

http://dc386.4shared.com/download/.../ElfBot-459.exe

http://fileshare1280.depositfiles.org/auth-14736234493dadb6c7150ce2891d6c51-177.158.246.100-2679014897-113662743-guest/.../ElfBot-4.5.9.exe

http://s8375.chomikuj.pl/File.aspx?e=pLlCdVNWMxx15sFWjy7Mm-IN-B_yvmh4C1OPtHGML36cExbL9EVV9UoJ2oOVsJ0z71_VpuLZreHyMFrEcZH37DT32cShQpGP_o_2pqwcdo045zLUzI754oKS5TuMvcRU9yGqhB-5ckkhL4xwRWmSoQ&pv=2

http://fileshare1280.depositfiles.org/auth-148073599246043628c8c6537a8fd065-168.194.107.117-54384550-113662743-guest/.../ElfBot-4.5.9.exe

http://download1018.mediafire.com/2nf5d9l7m2pg/.../ElfBot-4.5.9.exe

http://s8375.chomikuj.pl/File.aspx?e=pLlCdVNWMxx15sFWjy7Mm-IN-B_yvmh4C1OPtHGML37nMouP0ytPBshZVqIj3sUEjbkMAk5v3QyPVceBu2CYv4ra4G0CpVJWbBQ6rNeGx3LwZtoFJEHTZvwb1qlAHLZBBfm5fZBt9kDE18YwRxQ63g&pv=2

http://download1616.mediafire.com/279uajyd2u7g/.../setup-4.5.9.exe

Latest 30 of 95 download URLs

Remove elfbot-4.5.9.exe - Powered by Reason Core Security