filehost_hack m2 bob.exe

The executable filehost_hack m2 bob.exe has been detected as malware by 36 anti-virus scanners. Accoriding to the detections, this has been classified as a kyelogger which is capable of recoring a user's keystrokes. The file has been seen being downloaded from dl.girlshare.ro.
Version:
1.0.0.0

MD5:
31871dff9717ced2835e72e914fb5c9b

SHA-1:
0764c530be426d4cd176ff9e7e62d8c6d9397b48

SHA-256:
31772cd19a759c0d01e1749cede0b8282d76434f35f1d87b78648fcd77f5cfa0

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
11/24/2024 5:02:13 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Heur.MSIL.Krypt.3
208

AegisLab AV Signature
Troj.Spy.Gen!c
2.1.4+

Avira AntiVirus
TR/Spy.Gen
8.3.3.4

Arcabit
Trojan.MSIL.Krypt.3
1.0.0.696

avast!
MSIL:KeyLogger-BN [Trj]
2014.9-160710

AVG
ILAgent
2017.0.2686

Baidu Antivirus
Trojan.MSIL.Agent
4.0.3.16710

Bitdefender
Gen:Heur.MSIL.Krypt.3
1.0.20.960

Clam AntiVirus
Win.Trojan.Petun-1
0.98/21511

Comodo Security
Worm.Win32.KeyLogger.AutoRun.AE
25157

Dr.Web
Trojan.Siggen3.14508
9.0.1.0192

Emsisoft Anti-Malware
Gen:Heur.MSIL.Krypt
8.16.07.10.11

ESET NOD32
MSIL/Spy.Agent.BP (variant)
10.13588

Fortinet FortiGate
MSIL/KeyLogger.BA!tr
7/10/2016

F-Prot
W32/MSIL_Troj.F.gen
v6.4.7.1.166

F-Secure
Gen:Heur.MSIL.Krypt.3
11.2016-10-07_1

G Data
Gen:Heur.MSIL.Krypt
16.7.25

IKARUS anti.virus
Virus.PSW.ILSpy
t3scan.2.0.9.0

K7 AntiVirus
Spyware
13.227.19787

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.-75

Malwarebytes
Trojan.KeyLogger.MSIL
v2016.07.10.11

McAfee
Trojan-FCTX!31871DFF9717
5600.6342

Microsoft Security Essentials
PWS:MSIL/Petun.A
1.1.12805.0

MicroWorld eScan
Gen:Heur.MSIL.Krypt.3
17.0.0.576

NANO AntiVirus
Trojan.Win32.Siggen3.dcmwno
1.0.30.8482

nProtect
Trojan/W32.Agent.43008.OG
16.06.02.01

Panda Antivirus
Generic Malware
16.07.10.11

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1120

Quick Heal
TrojanPWS.Petun.A3
7.16.14.00

Rising Antivirus
Trojan.MSIL.KeyLogger!1.647D
23.00.65.16708

Sophos
Mal/MSIL-BI
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Petun
9029

Trend Micro House Call
TSPY_PATUN.SMHA
7.2.192

Trend Micro
TSPY_PATUN.SMHA
10.465.10

VIPRE Antivirus
Trojan-PWS.MSIL.Petun.a
49842

ViRobot
Trojan.Win32.Z.Petun.43008.BT[h]
2014.3.20.0

File size:
42 KB (43,008 bytes)

Product version:
1.0.0.0

Original file name:
hack m2 bob.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\filehost_hack m2 bob.exe

File PE Metadata
Compilation timestamp:
10/30/2013 9:38:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:YhnkhkTUuQGeHTUS8GRDBmFqss6mqrsYoApLpO1FnV5FFzujAMU5GCEjgvJ:B09l8R+JZpLpO1FnV5F+GoCVx

Entry address:
0xBF4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.6574

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
40 KB (40,960 bytes)

The file filehost_hack m2 bob.exe has been seen being distributed by the following URL.

Remove filehost_hack m2 bob.exe - Powered by Reason Core Security