gobuboligo.exe

The executable gobuboligo.exe has been detected as malware by 30 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘gobuboligo’. While running, it connects to the Internet address satin.smoothhost.com on port 80 using the HTTP protocol.
MD5:
68cd124ed843099105fdcb631edfc170

SHA-1:
9095599cfbe9213fc6ab8b4bbd63512bf35ffb83

SHA-256:
b0f679e08fa79021b4effabaa02ed68f52420e7b77955de8275119a0f0474ec4

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
1/12/2025 9:03:17 PM UTC

Scan engine                   | Detection                        | Engine version
Lavasoft Ad-Aware             | Gen:Variant.Kazy.641950          | 365
Agnitum Outpost               | Trojan.Agentb                    | 7.1.1
AhnLab V3 Security            | Trojan/Win32.Jorik               | 2015.10.25
Avira AntiVirus               | TR/Crypt.XPACK.Gen               | 8.3.2.2
Arcabit                       | Trojan.Kazy.D9CB9E               | 1.0.0.585
avast!                        | Win32:Evo-gen [Susp]             | 2014.9-160205
AVG                           | Agent                            | 2017.0.2843
Bitdefender                   | Gen:Variant.Kazy.641950          | 1.0.20.180
Comodo Security               | UnclassifiedMalware              | 23468
Dr.Web                        | Trojan.MulDrop3.14959            | 9.0.1.036
Emsisoft Anti-Malware         | Gen:Variant.Kazy.641950          | 8.16.02.05.05
ESET NOD32                    | Win32/Kryptik.CJDR (variant)     | 10.12460
Fortinet FortiGate            | W32/Kryptik.CJDR!tr              | 2/5/2016
F-Secure                      | Gen:Variant.Kazy.641950          | 11.2016-05-02_6
G Data                        | Gen:Variant.Kazy.641950          | 16.2.25
IKARUS anti.virus             | Trojan.Win32.Agentb              | t3scan.1.9.5.0
Kaspersky                     | Trojan.Win32.Agentb              | 14.0.0.709
Malwarebytes                  | Trojan.Inject                    | v2016.02.05.05
McAfee                        | GenericR-DUP!68CD124ED843        | 5600.6499
Microsoft Security Essentials | Trojan:Win32/Bagsu!rfn           | 1.1.12205.0
MicroWorld eScan              | Gen:Variant.Kazy.641950          | 17.0.0.108
NANO AntiVirus                | Trojan.Win32.Agentb.dssjup       | 0.30.26.3947
Panda Antivirus               | Trj/Genetic.gen                  | 16.02.05.05
Qihoo 360 Security            | Win32/Trojan.a38                 | 1.0.0.1015
Rising Antivirus              | PE:Malware.RDM.18!5.18[F1]       | 23.00.65.16203
Sophos                        | Mal/Generic-S                    | 4.98
SUPERAntiSpyware              | Trojan.Agent/Gen-Dropper         | 9343
Trend Micro                   | TROJ_GEN.R0C1C0DH515             | 10.465.05
Vba32 AntiVirus               | Trojan.Agentb                    | 3.12.26.4
VIPRE Antivirus               | Trojan.Win32.Generic             | 44804

File size:
74.3 KB (76,032 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\office depot\gobuboligo.exe

File PE Metadata
Compilation timestamp:
11/27/2008 7:04:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
1536:i4ijHdKPSEtGSCX4Qf4PTUwRFnbiWU72xarsoQzwfQ37GK2rv:/iJNtSCNKdiWi2kQzwfQ37GKm

Entry address:
0x1000

Entry point:
33, C9, 51, E8, E2, 02, 00, 00, 50, 8F, 05, 9D, 34, B2, 00, C7, 05, F1, 34, B2, 00, 30, 00, 00, 00, C7, 05, F5, 34, B2, 00, 03, 00, 00, 00, C7, 05, F9, 34, B2, 00, 2F, 11, B2, 00, C7, 05, FD, 34, B2, 00, 00, 00, 00, 00, C7, 05, 01, 35, B2, 00, 00, 00, 00, 00, FF, 35, 9D, 34, B2, 00, 8F, 05, 05, 35, B2, 00, C7, 05, 11, 35, B2, 00, 06, 00, 00, 00, C7, 05, 15, 35, B2, 00, 00, 00, 00, 00, C7, 05, 19, 35, B2, 00, 74, 12, B2, 00, 68, 00, 7F, 00, 00, 6A, 00, E8, 3D, 02, 00, 00, A3, 09, 35, B2, 00, A3, 1D, 35, B2...

Entropy:
5.8117

Code size:
1024 Bytes (1,024 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
gobuboligo

Command:
C:\users\office depot\gobuboligo.exe


The executing file has been seen to make the following network communications in live environments.

Protocol   | Host                                          | Address:port
TCP (HTTP) | unknown.prolexic.com                          | 72.52.4.120:80
TCP (HTTP) | satin.smoothhost.com                          | 50.97.65.91:80
TCP (HTTP) | perfora.net                                   | 74.208.215.199:80
TCP (HTTP) | ht1.domain4all.nl                             | 178.250.193.121:80
TCP (HTTP) | 62-210-140-158.rev.poneytelecom.eu            | 62.210.140.158:80
TCP (HTTP) | 217.19.237.54.static.hosted.by.combell.com    | 217.19.237.54:80
TCP (HTTP) | 198-1-85-250.unifiedlayer.com                 | 198.1.85.250:80

Powered by Reason Core Security