hack para pb atualizado.exe

The executable hack para pb atualizado.exe has been detected as malware by 40 anti-virus scanners. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘svchost’. The file has been seen being downloaded from fs08n5.sendspace.com and multiple other hosts.
MD5:
f5354d63267e03ae3d1b1deaa0d43e99

SHA-1:
8f93b5039def405701c4d22bed27d9cdf23bf9e1

SHA-256:
c6969b2e2cef81bdce4855737b1d824f1f744bd4aa34ee79e20aac1595e29809

Scanner detections:
40 / 68

Status:
Malware

Analysis date:
12/28/2024 1:31:58 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Agent.BKQM
265

AegisLab AV Signature
Troj.W32.Swisyn.l5k8
2.1.4+

AhnLab V3 Security
Trojan/Win32.Llac
2016.05.15

Avira AntiVirus
TR/Spy.Gen
8.3.3.4

Arcabit
Trojan.Agent.BKQM
1.0.0.680

avast!
Win32:AutoRun-CIN [Trj]
2014.9-160514

AVG
Luhe.Boxed.A
2017.0.2743

Baidu Antivirus
Win32.Trojan.Agent
4.0.3.16514

Bitdefender
Trojan.Agent.BKQM
1.0.20.675

Clam AntiVirus
Win.Trojan.Agent-36200
0.99.211

Comodo Security
TrojWare.Win32.PSW.Delf.~JHN
25017

Dr.Web
BackDoor.Cybergate.1
9.0.1.0135

Emsisoft Anti-Malware
Trojan.Agent.BKQM
8.16.05.14.08

ESET NOD32
Win32/Spatet
10.13489

Fortinet FortiGate
W32/Llac.GFU!tr
5/14/2016

F-Prot
W32/Rebhip.A.gen
v6.4.7.1.166

F-Secure
Backdoor:W32/Spyrat.A
11.2016-14-05_7

G Data
Trojan.Agent.BKQM
16.5.25

IKARUS anti.virus
Worm.Win32.Rebhip
t3scan.2.0.9.0

K7 AntiVirus
Trojan
13.225.19598

Kaspersky
Trojan.Win32.Bublik
14.0.0.211

Malwarebytes
Trojan.Agent.DF
v2016.05.14.08

McAfee
Generic PWS.di
5600.6399

Microsoft Security Essentials
Worm:Win32/Rebhip.Z
1.1.12706.0

MicroWorld eScan
Trojan.Agent.BKQM
17.0.0.405

NANO AntiVirus
Trojan.Win32.Bublik.dofkrs
1.0.30.8213

nProtect
Trojan.Agent.BKQM
16.05.13.01

Panda Antivirus
Trj/Ransom.AB
16.05.14.08

Qihoo 360 Security
QVM05.1.Malware.Gen
1.0.0.1120

Quick Heal
Worm.Rebhip.A8
5.16.14.00

Rising Antivirus
Worm.Rebhip!1.A338
23.00.65.16512

Sophos
W32/Rebhip-AR
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Rebhip
9143

Total Defense
Win32/Spyrat!generic
37.1.62.1

Trend Micro House Call
TSPY_SPATET.SMT
7.2.135

Trend Micro
TSPY_SPATET.SMT
10.465.14

Vba32 AntiVirus
Trojan.Bublik
3.12.26.4

VIPRE Antivirus
Worm.Win32.Rebhip.A
49372

ViRobot
Trojan.Win32.U.Agent.289280[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Llac.Win32.3683
2.0.0.2863

File size:
279.5 KB (286,208 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\hack para pb atualizado.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:VxJsGLnSkkvkkvkkFnoxDNT/xQphU+jrlgzfuzt91C9NDyWId98HhqbxtHGZC:HJsGGkkvkkvkkFn4h/xQp6+tqOYy9zow

Entry address:
0xBBF0

Entry point:
55, 8B, EC, B9, 0B, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, B8, 00, BB, 40, 00, E8, 0E, 78, FF, FF, 33, C0, 55, 68, C0, C0, 40, 00, 64, FF, 30, 64, 89, 20, 68, D0, C0, 40, 00, 6A, 00, 6A, 00, E8, 42, 79, FF, FF, 8B, D8, E8, C3, 79, FF, FF, 3D, B7, 00, 00, 00, 75, 12, 53, E8, FE, 78, FF, FF, 68, E0, 2E, 00, 00, E8, 34, 7A, FF, FF, EB, 06, 53, E8, EC, 78, FF, FF, 68, E4, C0, 40, 00, 6A, 00, 6A, 00, E8, 0E, 79, FF, FF, 8B, D8, E8, 8F, 79, FF, FF, 3D, B7, 00, 00, 00, 0F, 85, 2A, 02, 00, 00, 53, E8, C6, 78...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
44.5 KB (45,568 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
svchost

Command:
C:\Windows\System32\microsoft\svchost.exe


The file hack para pb atualizado.exe has been seen being distributed by the following 5 URLs.

https://fs08n5.sendspace.com/dl/7e7eb33788f7bef18b75af1fd9b5d9ff/577feb163bc54c2d/.../HACK PARA PB ATUALIZADO.exe

https://fs08n3.sendspace.com/dl/423c63fd409712aed96b477a391deb87/57bcbb0965545329/.../HACK PARA PB ATUALIZADO.exe

https://fs08n1.sendspace.com/dl/6889c8f6fdcd7dca6f5b0573293de41d/57e5f2d04db6a12d/.../HACK PARA PB ATUALIZADO.exe

Remove hack para pb atualizado.exe - Powered by Reason Core Security