onehitcf synboz 4.0.exe

The executable onehitcf synboz 4.0.exe has been detected as malware by 26 anti-virus scanners. While running, it connects to the Internet address 99.46.37a9.ip4.static.sl-reverse.com on port 443.
Publisher:
w

Product:
qwe

Version:
1.00.0515

MD5:
9d8432d5255732ff45c68dcdcb67a952

SHA-1:
81c361c5e3e0448242153fa1da38069268a08551

SHA-256:
5569de0457a5e5ba19d896c95bc174350f3224c46be9a58c327069d51e2a443c

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
12/26/2024 5:01:40 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.Agent | 7.1.1
AhnLab V3 Security | Trojan/Win32.Gen | 2013.11.03
Avira AntiVirus | TR/Black.Gen2 | 7.11.110.180
AVG | Win32/Blacked | 2017.0.2808
Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.16311
Bitdefender | Gen:Variant.Strictor.319 | 1.0.20.355
Bkav FE | W32.Clod58e.Trojan | 1.3.0.4261
Comodo Security | UnclassifiedMalware | 17203
Emsisoft Anti-Malware | Gen:Variant.Strictor.319 | 8.16.03.11.04
ESET NOD32 | Win32/Packed.VMProtect.ABD (variant) | 10.8998
Fortinet FortiGate | W32/Generic.A!tr | 3/11/2016
F-Secure | Gen:Variant.Strictor.319 | 11.2016-11-03_6
G Data | Gen:Variant.Strictor.319 | 16.3.22
IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.0.127
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.534
Malwarebytes | Trojan.Agent.BL | v2016.03.11.04
McAfee | RDN/Generic.dx!cst | 5600.6464
MicroWorld eScan | Gen:Variant.Strictor.319 | 17.0.0.213
Norman | Troj_Generic.QMYBB | 11.20160311
Panda Antivirus | Trj/Genetic.gen | 16.03.11.04
Quick Heal | (Suspicious) - DNAScan | 3.16.12.00
Sophos | Mal/VMProtBad-A | 4.94
SUPERAntiSpyware | Trojan.Agent/Gen-Strictor | 9273
Trend Micro House Call | TROJ_GEN.R0CBC0OJN13 | 7.2.71
Trend Micro | TROJ_GEN.R0CBC0OJN13 | 10.465.11
VIPRE Antivirus | Trojan.Win32.Generic | 22990

File size:
612 KB (626,688 bytes)

Product version:
1.00.0515

Copyright:
weq

Trademarks:
wqewqq

Original file name:
SynBoz.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\onehitcf synboz 4.0 atualizado 16-10-2013\onehitcf synboz 4.0.exe

File PE Metadata
Compilation timestamp:
10/14/2013 11:53:58 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:zrtdFWxpafPzrFTEmuY6niPSweyJSUoYAbVyOzzx5SZskce+:zzIanFwmfMP5UKAyx4Wk+

Entry address:
0x13AB5F

Entry point:
9C, C7, 04, 24, ED, 3B, 28, 46, 9C, E8, AC, 09, F7, FF, 00, 00, 00, 00, 81, E3, F0, 0F, 00, 00, F8, F8, E9, 70, 24, 00, 00, C0, C8, 07, F9, 3D, 2B, CA, 00, C5, F5, F9, 83, EE, FF, F8, 66, 85, E9, F9, 00, C3, FF, 34, 24, FF, 34, 24, 66, 98, FF, 34, 24, 98, F8, E8, 40, 14, 00, 00, 66, C7, 44, 24, 04, F7, 9D, 57, 9C, 8F, 44, 24, 48, E8, 98, 1A, 00, 00, 89, 7C, 24, 20, 52, F3, 9C, 8F, 44, 24, 20, 88, 54, 24, 04, C6, 44, 24, 04, BF, E8, 08, 29, 00, 00, E9, E4, 04, 00, 00, FC, 8D, 7C, 01, C0, FD, E8, FF, 0C, 00...

Code size:
112 KB (114,688 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:443)

TCP (HTTP):
Connects to ec2-54-207-34-156.sa-east-1.compute.amazonaws.com  (54.207.34.156:80)

TCP (HTTP):
Connects to a104-105-137-59.deploy.static.akamaitechnologies.com  (104.105.137.59:80)

TCP (HTTP):
Connects to ec2-52-55-152-195.compute-1.amazonaws.com  (52.55.152.195:80)

TCP (HTTP):

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-gru2.fbcdn.net  (157.240.12.16:443)

TCP (HTTP SSL):
Connects to a104-105-135-38.deploy.static.akamaitechnologies.com  (104.105.135.38:443)

TCP (HTTP):
Connects to l3dsr-cserv-um-21.iad3.btrll.com  (162.208.22.39:80)

TCP (HTTP):
Connects to server-54-239-180-32.gig50.r.cloudfront.net  (54.239.180.32:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.114.211:80)

TCP (HTTP):
Connects to oneads-sspums-adtech-mtc-blue-b.evip.aol.com  (152.163.56.2:80)

TCP (HTTP):
Connects to ec2-54-228-187-76.eu-west-1.compute.amazonaws.com  (54.228.187.76:80)

TCP (HTTP):

TCP (HTTP):
Connects to ec2-107-22-161-246.compute-1.amazonaws.com  (107.22.161.246:80)

TCP (HTTP SSL):
Connects to cache.google.com  (200.189.63.148:443)

TCP (HTTP):
Connects to bd062d09.virtua.com.br  (189.6.45.9:80)

TCP (HTTP):

TCP (HTTP):
Connects to a1plpkivs-v03.any.prod.ash1.secureserver.net  (72.167.239.239:80)

TCP (HTTP):
Connects to a104-105-143-76.deploy.static.akamaitechnologies.com  (104.105.143.76:80)

TCP (HTTP SSL):
Connects to 89.a5.37a9.ip4.static.sl-reverse.com  (169.55.165.137:443)

Remove onehitcf synboz 4.0.exe - Powered by Reason Core Security