injetor pb.exe

The executable injetor pb.exe has been detected as malware by 33 anti-virus scanners. The program is a setup application that uses a self-extracting archive installer; the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from fs05n4.sendspace.com and multiple other hosts.
MD5: 3240dde974f15ef9583b39f1a520c66e
SHA-1: 461da13490a3f8ecb25a748542c4ae52ccc9b16c
SHA-256: e9e129e2425894067114352f51272bcb58f285f743ef5e78f38c0c4a73c3a0a4
Scanner detections: 33 / 68
Status: Malware
Analysis date: 12/27/2024 5:11:44 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Delf.Agent.AH | 393 |
| Avira AntiVirus | BDS/Xtrat.ablu | 8.3.2.4 |
| Arcabit | Trojan.Generic.D2C7886 | 1.0.0.637 |
| avast! | Win32:AutoRun-CCW [Wrm] | 2014.9-160107 |
| AVG | PSW.Generic9 | 2017.0.2871 |
| Baidu Antivirus | Backdoor.Win32.Xtreme | 4.0.3.1617 |
| Bitdefender | Trojan.Delf.Agent.AH | 1.0.20.35 |
| Clam AntiVirus | Trojan.Xrat-6 | 0.98/21511 |
| Comodo Security | TrojWare.Win32.Kryptik.BTN | 23890 |
| Dr.Web | Trojan.DownLoader3.32685 | 9.0.1.07 |
| Emsisoft Anti-Malware | Trojan.Delf.Agent.AH | 8.16.01.07.12 |
| ESET NOD32 | Win32/AutoRun.Remtasu | 10.12804 |
| Fortinet FortiGate | W32/Xtreme.BQJ!tr.bdr | 1/7/2016 |
| F-Prot | W32/Xtrat.A.gen | v6.4.7.1.166 |
| F-Secure | Rogue:W32/FakeAv.BI | 11.2016-07-01_5 |
| G Data | Trojan.Delf.Agent.AH | 16.1.25 |
| IKARUS anti.virus | Trojan-Spy.Win32.KeyLogger | t3scan.1.9.5.0 |
| K7 AntiVirus | P2PWorm | 13.212.18285 |
| Kaspersky | Backdoor.Win32.Xtreme | 14.0.0.852 |
| Malwarebytes | Backdoor.XTRat.Gen | v2016.01.07.12 |
| McAfee | RDN/Generic BackDoor | 5600.6527 |
| Microsoft Security Essentials | Backdoor:Win32/Xtrat.A | 1.1.12400.0 |
| MicroWorld eScan | Trojan.Delf.Agent.AH | 17.0.0.21 |
| NANO AntiVirus | Trojan.Win32.Xtreme.dpkuuc | 1.0.14.5380 |
| nProtect | Trojan.Delf.Agent.AH | 15.12.31.01 |
| Panda Antivirus | Trj/CI.A | 16.01.07.12 |
| Quick Heal | Backdoor.Xtrat.AA8 | 1.16.14.00 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16105 |
| Sophos | Mal/SillyFDC-A | 4.98 |
| Total Defense | Win32/KeyLogger.QFF | 37.1.62.1 |
| Trend Micro | TROJ_GEN.R047C0DL815 | 10.465.07 |
| Vba32 AntiVirus | Backdoor.Poison | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46194 |

File size: 962.9 KB (986,036 bytes)
File type: Executable application (Win32 EXE)
Installer: Self-extracting archive
Common path: C:\users\{user}\downloads\injetor pb.exe

File PE Metadata
Compilation timestamp: 12/2/2014 8:07:30 AM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 24576:o20gPgFKWEAeQQvJTjaMN9CzpmH9Jv5qRPVeigp:5KSiQhjv9CzpmfRAVeiC
Entry address: 0x1D5DB
Entry point: E8, 85, 63, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 82, FC, FF, FF, C7, 06, 20, B2, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 20, B2, 42, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 20, B2, 42, 00, E8, 24, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 4E, CA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 

Code size: 161.5 KB (165,376 bytes)

The file injetor pb.exe has been seen being distributed by 27 URLs.
