mbot_vsro110.exe

mBot

Botter's Heaven

This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from files.fm and multiple other hosts.
Publisher:
Botter's Heaven

Product:
mBot

Description:
mBot for Silkroad Online

Version:
1, 0, 0, 0

MD5:
1c9e5f224771314c95a8902ebb177d5f

SHA-1:
652e3bef6d1d609e5e23f00c3c8bcbaa96953719

SHA-256:
4f17791bfbade207c01c4de9ed7d592c536eea6eee020623e378418ed4131717

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
12/25/2024 4:56:33 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Suspicious | 7.1.1
Bkav FE | HW32.CDB | 1.3.0.4613

File size:
3 MB (3,181,056 bytes)

Product version:
1, 0, 0, 0

Copyright:
(C) DoaD 2010

Original file name:
mBot.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
2/19/2012 1:01:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:0dXxm+8HV8+72BnIM7BM9NK/JHqN5KdXsmmwUhbcUPceEw7+j66FsoptheLLXE:WxcdYI+y9cAKlsVwObcU5Ew7BaBnh2X

Entry address:
0x9B6000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, A0, 17, 00, 2D, B9, CF, C7, 05, 05, AE, CF, C7, 05, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, AE, C6, 34, 6F, 68, C5, EC, 7D, 49, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 59, 5E, 7A, 73, EA, 72, 89, BA, 91, A0, FC, 7A, 85, B4...
 
Entropy:
7.9724  (probably packed)

Code size:
1.1 MB (1,203,712 bytes)

Scheduled Task
Task name:
{DE73DB08-908D-4122-8E37-A8759CC703C5}

Trigger:
Registration (Runs on registration)


7 Windows Firewall Allowed Programs
Name:
D:\العاب\Prosro\Aligoda\mBot_vSRO110.exe

Name:
D:\1.MBOT\mBot_vSRO110.exe

Name:
E:\a\mBot_vSRO110.exe

Name:
C:\Documents and Settings\user\Pulpit\Nowy folder\SafkanSroClient\Dios-Online V.317\Dios mBot\mBot_vSRO110.exe

Name:
D:\Amr\mbot\GA\mBot_vSRO110.exe

Name:
D:\Khaled\Theta Online\New Folder\mBot-Vsrofiles\mBot_vSRO110.exe


The file mbot_vsro110.exe has been seen being distributed by the following 2 URLs.

Scan mbot_vsro110.exe - Powered by Reason Core Security