hacker cf br att 11 04.exe

The executable hacker cf br att 11 04.exe has been detected as malware by 35 anti-virus scanners. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘23556fb1360f366337f97c924e76ead3’. This backdoor trojan may be used to conduct distributed denial of service attacks, or used to install additional trojans or other forms of malicious software as well as can steal your sensitive information.
MD5:
8b73950a6d7179574e5ef96075c04bff

SHA-1:
3071e7cbaefb6eaf59261b15f7456c14f4325e75

SHA-256:
fb70005913cec097055b38798641120418fe76ac74cd235fc73ff2d4c2f231e3

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
11/15/2024 1:39:49 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.MSIL.Bladabindi.2
291

AegisLab AV Signature
Troj.W32.Gen.lu1m
2.1.4+

AhnLab V3 Security
Win-Trojan/Bladabindi.Gen
2016.04.13

Avira AntiVirus
TR/Disfa.boii
8.3.3.4

Arcabit
Trojan.MSIL.Bladabindi.2
1.0.0.669

avast!
MSIL:Agent-ANE [Trj]
2014.9-160418

AVG
MSIL
2017.0.2769

Baidu Antivirus
MSIL.Backdoor.Bladabindi
4.0.3.16418

Bitdefender
Gen:Variant.MSIL.Bladabindi.2
1.0.20.545

Clam AntiVirus
Win.Worm.Njrat-2
0.98/21511

Comodo Security
TrojWare.MSIL.Disfa.A
24787

Emsisoft Anti-Malware
Gen:Variant.MSIL.Bladabindi
8.16.04.18.10

ESET NOD32
MSIL/Bladabindi
10.13325

Fortinet FortiGate
MSIL/Agent.PPB!tr
4/18/2016

F-Prot
W32/MSIL_Troj.AP.gen
v6.4.7.1.166

F-Secure
Gen:Variant.MSIL.Bladabindi.2
11.2016-18-04_2

G Data
Gen:Variant.MSIL.Bladabindi
16.4.25

IKARUS anti.virus
Trojan.Inject
t3scan.2.0.9.0

K7 AntiVirus
Trojan
13.221.19285

Kaspersky
Trojan.MSIL.Disfa
14.0.0.340

Malwarebytes
Backdoor.Bot.MSIL
v2016.04.18.10

McAfee
BackDoor-FBMR!8B73950A6D71
5600.6425

Microsoft Security Essentials
Backdoor:MSIL/Bladabindi.AA
1.1.12603.0

MicroWorld eScan
Gen:Variant.MSIL.Bladabindi.2
17.0.0.327

NANO AntiVirus
Trojan.Win32.Disfa.cuyyww
1.0.30.7834

Panda Antivirus
Generic Malware
16.04.18.10

Qihoo 360 Security
QVM03.0.Malware.Gen
1.0.0.1120

Quick Heal
Backdoor.Bladabindi.A3
4.16.14.00

Rising Antivirus
PE:Backdoor.Bot!1.6675 [F]
23.00.65.16416

Sophos
Mal/MSIL-FE
4.98

Trend Micro House Call
BKDR_BLADABI.SMC
7.2.109

Trend Micro
BKDR_BLADABI.SMC
10.465.18

Vba32 AntiVirus
Trojan.MSIL.Disfa
3.12.26.4

VIPRE Antivirus
Trojan.MSIL.Bladabindi.f
48586

Zillya! Antivirus
Trojan.Disfa.Win32.49591
2.0.0.2779

File size:
405 KB (414,720 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\hacker cf br att 11 04.exe

File PE Metadata
Compilation timestamp:
4/11/2016 9:18:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:ytHdoCUBCjlKUpfn0tyZJ4AQHsnUVneTrVVVosz:ytfUBySHNend

Entry address:
0xC50E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41.5 KB (42,496 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
23556fb1360f366337f97c924e76ead3

Command:
"C:\users\{user}\appdata\roaming\svchost.exe"..


The file hacker cf br att 11 04.exe has been seen being distributed by the following URL.

Remove hacker cf br att 11 04.exe - Powered by Reason Core Security