moffibdezrem.exe

The executable moffibdezrem.exe has been detected as malware by 38 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘moffibdezrem’. While running, it connects to the Internet address servermule.ecss.com.au on port 80 using the HTTP protocol.
MD5:
07889087ac6f39a7d26bba5e1c23e7df

SHA-1:
67c27bcd4828364195dc333b9509f7f65b2c98a9

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
11/27/2024 10:48:11 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Upatre.Gen.1
-23

AhnLab V3 Security
Trojan/Win32.MDA
2016.04.24

Avira AntiVirus
TR/Drop.Cutwail.25
8.3.3.4

Arcabit
Trojan.Upatre.Gen.1
1.0.0.672

avast!
Win32:Malware-gen
2014.9-170226

AVG
Dropper.Generic9
2018.0.2455

Baidu Antivirus
Win32.Trojan.WisdomEyes.151026.9950
4.0.3.17226

Bitdefender
Trojan.Upatre.Gen.1
1.0.20.285

Bkav FE
W32.KityckF.Trojan
1.3.0.7744

Comodo Security
UnclassifiedMalware
24862

Dr.Web
Trojan.DownLoad.64914
9.0.1.057

Emsisoft Anti-Malware
Trojan.Upatre.Gen
8.17.02.26.06

ESET NOD32
Win32/Wigon.PH
11.13383

Fortinet FortiGate
W32/Wigon.PH!tr
2/26/2017

F-Prot
W32/Backdoor2.HVPJ
v6.4.7.1.166

F-Secure
Trojan.Upatre.Gen.1
11.2017-26-02_1

G Data
Trojan.Upatre.Gen
17.2.25

IKARUS anti.virus
Trojan.Win32.Wigon
t3scan.2.0.9.0

K7 AntiVirus
Trojan
13.222.19405

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.-1229

Malwarebytes
Trojan.Agent.MSC
v2017.02.26.06

McAfee
Artemis!07889087AC6F
5600.6111

Microsoft Security Essentials
Trojan:Win32/Bagsu!rfn
1.1.12603.0

MicroWorld eScan
Trojan.Upatre.Gen.1
18.0.0.171

NANO AntiVirus
Trojan.Win32.Cutwail.deahzm
1.0.30.8000

nProtect
Trojan/W32.Agent.79048.B
16.04.22.01

Panda Antivirus
Trj/CI.A
17.02.26.06

Qihoo 360 Security
Win32/Trojan.c94
1.0.0.1120

Quick Heal
Trojan.Cutwail.r2
2.17.14.00

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.17224

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Dropper
8567

Trend Micro House Call
TROJ_SPNR.1AHN14
7.2.57

Trend Micro
TROJ_SPNR.1AHN14
10.465.26

Vba32 AntiVirus
Trojan.Cutwail
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
48882

ViRobot
Trojan.Win32.S.Agent.79048.B[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Cutwail.Win32.384
2.0.0.2809

File size:
77.2 KB (79,048 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\raf\moffibdezrem.exe

File PE Metadata
Compilation timestamp:
10/3/2008 4:25:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x11830

Entry point:
A1, 6C, 13, 40, 00, 81, EC, B0, 00, 00, 00, 56, 57, 6A, 64, 68, 98, 24, 41, 00, 6A, 6D, 50, FF, 15, 40, 10, 40, 00, 8B, 35, 6C, 13, 40, 00, 8D, 4C, 24, 28, 51, FF, 15, 20, 10, 40, 00, 68, 44, 11, 40, 00, FF, 15, 18, 10, 40, 00, 68, A0, 11, 40, 00, 6A, 01, 68, A0, 11, 40, 00, E8, B6, F7, FF, FF, 8B, 15, 68, 20, 41, 00, 8B, 42, 01, 68, 14, 16, 40, 00, A3, 84, 20, 41, 00, E8, 2E, F9, FE, FF, 83, C4, 04, 50, B1, 03, E8, E3, F9, FE, FF, 8B, 0D, A0, 11, 40, 00, 51, A3, 80, 25, 41, 00, E8, 32, FC, FF, FF, BA, 34...

Code size:
71 KB (72,704 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
moffibdezrem

Command:
C:\documents and settings\raf\moffibdezrem.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www4.gmoserver.jp  (211.123.214.8:80)

TCP (HTTP):
Connects to web45.webkontrol.doruk.net.tr  (212.58.2.53:80)

TCP (HTTP):
Connects to stats.goose.arvixe.com  (198.58.92.228:80)

TCP (HTTP):
Connects to ssd10.stablehost.com  (199.96.156.231:80)

TCP (HTTP):
Connects to servermule.ecss.com.au  (103.29.85.69:80)

TCP (HTTP):
Connects to server.infobanc.com  (75.102.9.70:80)

TCP (HTTP):
Connects to s15768303.onlinehome-server.info  (217.160.253.62:80)

TCP (HTTP):
Connects to s03.prag.webspace24.de  (78.46.96.68:80)

TCP (HTTP):
Connects to rweb6.webkontrol.doruk.net.tr  (82.151.132.26:80)

TCP (HTTP):
Connects to realssl.com  (74.86.204.227:80)

TCP (HTTP):
Connects to rdplf01.aquelia.net  (80.93.82.147:80)

TCP (HTTP):
Connects to p3nw8shg329.shr.prod.phx3.secureserver.net  (184.168.27.34:80)

TCP (HTTP):
Connects to lou.morroni.com  (198.178.249.200:80)

TCP (HTTP):
Connects to linweb24.ispservices.at  (195.3.124.154:80)

TCP (HTTP):
Connects to ip198.208-117-6.static.steadfastdns.net  (208.117.6.198:80)

TCP (HTTP):
Connects to ip-129-121-48-3.local  (129.121.48.3:80)

TCP (HTTP):
Connects to fradc1www001.e-iway.net  (195.68.112.156:80)

TCP (HTTP):
Connects to empripar.com  (94.76.204.80:80)

TCP (HTTP):
Connects to darinne.Ro  (193.189.99.8:80)

Remove moffibdezrem.exe - Powered by Reason Core Security