fishbot.exe

The executable fishbot.exe has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from s10196.chomikuj.pl.
MD5:
a5d8a9c5c9246b98a7a75f331376b6c5

SHA-1:
6698e6e48ff36b3aab39b8ad7dd34ced227b0d7f

SHA-256:
6d433b80c7d25fee0102f4f53571b4f04664bed4e99114b512fa77003af9e3dd

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
12/26/2024 2:22:30 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Spyware-gen [Spy]
160215-2

Dr.Web
Trojan.PWS.Plik.24
9.0.1.05190

Emsisoft Anti-Malware
Trojan.PWS.Delf.ILC
11.5.0.6191

ESET NOD32
Win32/PSW.OnLineGames.OWO trojan
7.0.302.0

F-Prot
W32/Trojan2.HUDG
4.6.5.141

F-Secure
Trojan.PWS.Delf.ILC
5.15.21

McAfee
Trojan.Generic PWS.b
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.215.1691.0

Norman
Trojan.PWS.Delf.ILC
29.02.2016 03:11:57

File size:
390 KB (399,384 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\fishbot.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:BEBSJ6p0nPC6QvWX6onQ6deDdPgR855fMyqG6RjpIcQc0NJVOlbx:l6pEPC6bjd05I854jpNQtmbx

Entry address:
0x52C3C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 5C, 2A, 45, 00, E8, 2C, 36, FB, FF, A1, 50, 40, 45, 00, 8B, 00, E8, D8, CC, FF, FF, 8B, 0D, 34, 41, 45, 00, A1, 50, 40, 45, 00, 8B, 00, 8B, 15, D0, 0E, 45, 00, E8, D8, CC, FF, FF, A1, 50, 40, 45, 00, 8B, 00, E8, 4C, CD, FF, FF, E8, 4F, 17, FB, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
327.5 KB (335,360 bytes)

The file fishbot.exe has been seen being distributed by the following URL.

Remove fishbot.exe - Powered by Reason Core Security