home

kidumi_for_varodi.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.jumbomail.me.
Version:
4.2.12.0

MD5:
3e9f90653891ab9209866e69e4611ea4

SHA-1:
97ea860b1436c2ee508aa81faf1096062c061dd4

SHA-256:
9cff8bef0e8a3bdfe8e7057e7a5116ccd62b028af5ef2c1a4c965bc61564c729

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 12:25:58 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.DownLoader8.32041
9.0.1.05190

File size:
3.5 MB (3,685,390 bytes)

Product version:
4.2.12.0

Copyright:
Copyright © 2012

Original file name:
Bot.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\kidumi_for_varodi.exe

File PE Metadata
Compilation timestamp:
2/1/2013 7:49:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:kF+FBdV9JI9ZNhCsj8Eeweygd7hdKqTrsEb2JfsXjqI6GOwMdk21puMegV:nBNONhCsjAyuTzTb4C2I3O9t1pusV

Entry address:
0x2035DB

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, CA, B6, 00, 80, 10, 00, 00, 00, C2, B7, 00, 80, 18, 00, 00, 00, 5E, BA, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0D, 00, 02, 00, 00, 00, A8, 00, 00, 80, 03, 00, 00, 00, 34, 07, 00, 80, 04, 00, 00, 00, 40, 0A, 00, 80, 05, 00, 00...
 
[+]

Entropy:
7.7261

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2 MB (2,102,784 bytes)

The file kidumi_for_varodi.exe has been seen being distributed by the following URL.

https://www.jumbomail.me/.../Downloads.aspx?sid=577872676976445A736C48464B3342347436653838673D3D

Scan kidumi_for_varodi.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.