filehost_metin2bob.exe

The executable filehost_metin2bob.exe has been detected as malware by 31 anti-virus scanners. This is a setup program which is used to install the application. Accoriding to the detections, this has been classified as a kyelogger which is capable of recoring a user's keystrokes. The file has been seen being downloaded from dl.girlshare.ro.
Version:
1.0.0.0

MD5:
dffb3893f18e42b8a8a4291b0f176ede

SHA-1:
bf032d2a2ad596d5caf65e7361c0421f04e975cb

SHA-256:
c45a8bb48b033ffff9410c97ace5f04584241661c3a03f54d5e029dff59037f0

Scanner detections:
31 / 68

Status:
Malware

Explanation:
The software cotains keystroke monitoring/logging capablities which may or may not be installed without the user's knowledge.

Analysis date:
11/5/2024 2:37:14 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
TrojanSpy.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.Petun
2013.08.18

Avira AntiVirus
TR/Spy.Gen
7.11.97.32

avast!
MSIL:KeyLogger-BN [Trj]
2014.9-160227

AVG
ILAgent
2017.0.2821

Bitdefender
Gen:Heur.MSIL.Krypt.3
1.0.20.290

Comodo Security
Worm.Win32.KeyLogger.AutoRun.AE
16784

Dr.Web
Trojan.Siggen3.14508
9.0.1.058

Emsisoft Anti-Malware
Gen:Heur.MSIL.Krypt
8.16.02.27.10

ESET NOD32
MSIL/Spy.Agent.BP (variant)
10.8699

Fortinet FortiGate
MSIL/KeyLogger.BA!tr
2/27/2016

F-Prot
W32/MSIL_Troj.F.gen
v6.4.7.1.166

F-Secure
Gen:Heur.MSIL.Krypt.3
11.2016-27-02_7

G Data
Gen:Heur.MSIL.Krypt
16.2.22

IKARUS anti.virus
Virus.PSW.ILSpy
t3scan.2.0.127

K7 AntiVirus
Riskware
13.170.9312

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.598

Malwarebytes
Trojan.Keylogger.MSIL
v2016.02.27.10

McAfee
Trojan-FCTX!DFFB3893F18E
5600.6477

Microsoft Security Essentials
PWS:MSIL/Petun.A
1.163.1557.0

MicroWorld eScan
Gen:Heur.MSIL.Krypt.3
17.0.0.174

NANO AntiVirus
Trojan.Win32.Siggen3.caldyl
0.26.0.53954

Norman
KeyLogger.KBA
11.20160227

nProtect
Trojan/W32.Agent.43008.PK
13.08.16.03

Panda Antivirus
Generic Malware
16.02.27.10

Rising Antivirus
Trojan.MSIL.KeyLogger!22E5
23.00.65.16225

Sophos
Mal/MSIL-BI
4.91

SUPERAntiSpyware
Trojan.Agent/Gen-MSIL
9298

Trend Micro House Call
TROJ_GEN.R0CCC0DHA13
7.2.58

Trend Micro
TROJ_GEN.R0CCC0DHA13
10.465.27

VIPRE Antivirus
Trojan-PWS.MSIL.Petun.a
20614

File size:
42 KB (43,008 bytes)

Product version:
1.0.0.0

Original file name:
Metin2BOB.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\filehost_metin2bob.exe

File PE Metadata
Compilation timestamp:
4/28/2013 8:33:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:Rh88VOvHPGjpTUebFwtC8cRfEosfSbpLCxXFnY5FFzujAMU51CEjgvKfhv:fVO/beWtJiEOpLCdFnY5F+GfCVY

Entry address:
0xBE9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
40 KB (40,960 bytes)

The file filehost_metin2bob.exe has been seen being distributed by the following URL.

Remove filehost_metin2bob.exe - Powered by Reason Core Security