image8835.exe

bama

The executable image8835.exe has been detected as malware by 27 anti-virus scanners. The file has been seen being downloaded from ppt.cc.
Publisher:
bama

Product:
bama

Version:
0.0.0.0

MD5:
0bf1d3dd17aacae23311357ffc1a1b09

SHA-1:
0d6cde8759d9a92a2e8615b5b919d61c3a5f1c2f

SHA-256:
8b4722574cf9a7d6f281c9100d96790d21073e26e4ce60cb6190129d64beb26f

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
2/25/2025 7:38:29 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.MSILPerseus.1521 | 376 |
| Agnitum Outpost | Backdoor.DarkKomet | 7.1.1 |
| AhnLab V3 Security | Malware/Win32.Generic | 2015.12.12 |
| Avira AntiVirus | TR/AD.SteamEczemaStealer.Y.443 | 8.3.2.4 |
| Arcabit | Trojan.MSILPerseus.D5F1 | 1.0.0.629 |
| avast! | Win32:Trojan-gen | 2014.9-160125 |
| AVG | Atros2 | 2017.0.2854 |
| Baidu Antivirus | Backdoor.Win32.DarkKomet | 4.0.3.16125 |
| Bitdefender | Gen:Variant.MSILPerseus.1521 | 1.0.20.125 |
| Dr.Web | Trojan.PWS.Steam.7835 | 9.0.1.025 |
| Emsisoft Anti-Malware | Gen:Variant.MSILPerseus.1521 | 8.16.01.25.10 |
| ESET NOD32 | MSIL/Injector.MNK (variant) | 10.12708 |
| Fortinet FortiGate | MSIL/MMZ!tr | 1/25/2016 |
| F-Secure | Gen:Variant.MSILPerseus.1521 | 11.2016-25-01_2 |
| G Data | Gen:Variant.MSILPerseus.1521 | 16.1.25 |
| IKARUS anti.virus | Trojan.MSIL.Stimilik | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18087 |
| Kaspersky | Backdoor.Win32.DarkKomet | 14.0.0.763 |
| McAfee | Artemis!0BF1D3DD17AA | 5600.6510 |
| Microsoft Security Essentials | PWS:MSIL/Stimilini.M | 1.1.12300.0 |
| MicroWorld eScan | Gen:Variant.MSILPerseus.1521 | 17.0.0.75 |
| NANO AntiVirus | Trojan.Win32.Steam.dykbej | 1.0.10.5081 |
| Qihoo 360 Security | Win32/Trojan.c07 | 1.0.0.1077 |
| Trend Micro | TROJ_GEN.R00JC0DK915 | 10.465.25 |
| Vba32 AntiVirus | Backdoor.DarkKomet | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45768 |
| ViRobot | Trojan.Win32.Agent.1440768[h] | 2014.3.20.0 |

File size:
1.2 MB (1,234,944 bytes)

Product version:
0.0.0.0

Copyright:
Copyright © 2015

Trademarks:
bama

Original file name:
bama.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\image8835.exe

File PE Metadata
Compilation timestamp:
10/28/2015 9:01:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:ERByIpB8y5uWAMn7pO7Tn4ZJHr0cn4knHu00vmSoBV:ELB7CMcO+m9

Entry address:
0x27B12

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.5656

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
151 KB (154,624 bytes)

The file image8835.exe has been seen being distributed by the following URL.
