ifunbox_setup.exe

The executable ifunbox_setup.exe has been detected as malware by 38 anti-virus scanners. The file has been seen being downloaded from www.m3datarecovery.com and multiple other hosts.
MD5: 7b6145aa55ad3ee09103f98337e2311b
SHA-1: e085afdfde88fbb20cd4b1e3fddd6a695e2ca310
SHA-256: e4a6071f460662a7fa84b8f1e97211259baa5d3dbb8ea39118730dca15d1de9f
Scanner detections: 38 / 68
Status: Malware
Analysis date: 11/27/2024 12:44:00 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Worm.Generic.377772 | 535 |
| Agnitum Outpost | Worm.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Gen | 2014.08.16 |
| Avira AntiVirus | W32/Renamer.A | 7.11.30.172 |
| avast! | Win32:Agent-AODJ [Trj] | 2014.9-150819 |
| AVG | Worm/Delf | 2016.0.3013 |
| Baidu Antivirus | Virus.Win32.Renamer | 4.0.3.15819 |
| Bitdefender | Worm.Generic.377772 | 1.0.20.1155 |
| Bkav FE | W32.FakeExeYHPtv | 1.3.0.4959 |
| Clam AntiVirus | WIN.Virus.Gnamer | 0.98/21411 |
| Comodo Security | Worm.Win32.Delf.nj | 19197 |
| Dr.Web | Trojan.Inject1.28681 | 9.0.1.0231 |
| Emsisoft Anti-Malware | Worm.Generic.377772 | 8.15.08.19.06 |
| ESET NOD32 | Win32/Delf.NRJ worm | 9.7.0.302.0 |
| Fortinet FortiGate | W32/Renamer.BQT!tr | 8/19/2015 |
| F-Prot | W32/Renamer.A.gen | 4.6.5.141 |
| F-Secure | Worm.Generic.377772 | 11.2015-19-08_4 |
| G Data | Worm.Generic.377772 | 15.8.24 |
| herdProtect (fuzzy) | | 2015.10.5.21 |
| IKARUS anti.virus | Virus.Win32.Renamer | t3scan.1.7.5.0 |
| K7 AntiVirus | Trojan | 13.183.13054 |
| Kaspersky | Virus.Win32.Renamer | 14.0.0.1559 |
| Malwarebytes | Trojan.Renamer.DF | v2015.08.19.06 |
| McAfee | Virus.W32/Gnamer | 5600.6669 |
| Microsoft Security Essentials | Threat.Undefined | 1.197.2.0 |
| MicroWorld eScan | Worm.Generic.377772 | 16.0.0.693 |
| NANO AntiVirus | Trojan.Win32.Renamer.lnwkz | 0.28.2.61519 |
| nProtect | Trojan/W32.Agent.534016.BS | 14.08.14.01 |
| Panda Antivirus | Trj/Renamer.H | 15.08.19.06 |
| Qihoo 360 Security | HEUR/Malware.QVM05.Gen | 1.0.0.1015 |
| Quick Heal | W32.Grenam.A | 8.15.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Renamer.g!1075350850 | 23.00.65.15817 |
| Sophos | W32/Renamer-K | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Soriam | 9682 |
| Total Defense | Win32/Tapi.D | 37.0.11122 |
| Trend Micro | TROJ_AGENT_005249.TOMB | 10.465.19 |
| Vba32 AntiVirus | Worm.Delf | 3.12.26.3 |
| VIPRE Antivirus | Threat.4775899 | 39354 |

File size: 521.5 KB (534,016 bytes)
File type: Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp: 8/26/2011 3:37:40 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 12288:orMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUx9V4:yZyCA8CBmn+RrNj9ay5I4
Entry address: 0x72814

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 14, 0E, 47, 00, E8, 43, 4A, F9, FF, 8B, 1D, 30, 53, 47, 00, 8B, 03, E8, 06, 60, FE, FF, 8B, 03, C6, 40, 5B, 00, 8B, 03, B2, 01, E8, 3B, 7D, FE, FF, 8B, 0D, 5C, 52, 47, 00, 8B, 03, 8B, 15, E0, 0A, 47, 00, E8, FC, 5F, FE, FF, 8B, 0D, 68, 53, 47, 00, 8B, 03, 8B, 15, 90, 05, 47, 00, E8, E9, 5F, FE, FF, 8B, 03, E8, 62, 60, FE, FF, 5B, E8, C0, 28, F9, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy: 6.5931
Developed / compiled with: Microsoft Visual C++
Code size: 451 KB (461,824 bytes)

The file ifunbox_setup.exe has been seen being distributed by the following 14 URLs.

