onlcrit_dota2.exe

The executable onlcrit_dota2.exe has been detected as malware by 35 of 68 anti-virus scanners. It is a setup program (installer). According to the detections it is a variant of Zbot (Zeus), a trojan that steals confidential information (online credentials and banking details) from the compromised computer and sends it to criminals via a command-and-control server. The engines do not agree on the family, however: only AegisLab names Zbot, while ESET, Kaspersky, Comodo and Baidu report a Delphi-compiled dropper (Delf) and others name unrelated backdoors (Slingup, DarkKomet, Usteal), so the Zbot attribution should be treated as low confidence. The consistent signal across the table is a Delphi dropper carrying a malicious payload. The file has been seen being downloaded from fs06n4.sendspace.com.
MD5:
250002cb074444e5221161d37e080332

SHA-1:
fe8f6e9bd5d2866f35b56218c41466355055b1fa

SHA-256:
366a19c3d83056e6aa69061190ea281a31746db78e58da6648fb5a0a3e3a0cfa
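The hashes above are the indicators a responder would actually hunt with. The following script is an added example (not tooling from this page or from Reason Core Security): it computes the three digests the report lists, compares a file's digests against the report's values, and turns the entry-point byte listing further down the page into a YARA hex string. The IOC values are copied from the report; the sample bytes in the test are constructed and are not the malware.

```python
"""Match a file against the hash IOCs from this report and turn the listed
entry-point bytes into a YARA rule.  Added example, not the page's own tooling;
the indicator values come from the report, the sample input is constructed."""
import hashlib
from typing import Dict, List

# Hashes published in the report for onlcrit_dota2.exe.
REPORT_IOCS: Dict[str, str] = {
    "md5": "250002cb074444e5221161d37e080332",
    "sha1": "fe8f6e9bd5d2866f35b56218c41466355055b1fa",
    "sha256": "366a19c3d83056e6aa69061190ea281a31746db78e58da6648fb5a0a3e3a0cfa",
}

# First bytes of the entry point, copied from the report's "Entry point" listing.
ENTRY_POINT_DUMP = "55, 8B, EC, B9, 0C, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9"


def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute the three digests the report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_iocs(data: bytes, iocs: Dict[str, str] = REPORT_IOCS) -> List[str]:
    """Return the names of the algorithms whose digest of `data` equals the IOC.
    Comparison is case-insensitive because reports mix upper and lower case."""
    computed = file_hashes(data)
    return [algo for algo, want in iocs.items()
            if algo in computed and computed[algo] == want.strip().lower()]


def entry_point_to_yara(dump: str, name: str = "onlcrit_dota2_entry") -> str:
    """Convert an 'AA, BB, ...' byte listing into a YARA rule anchored at the
    entry point.  The rule name is a hypothetical placeholder."""
    tokens = [t.strip() for t in dump.split(",") if t.strip()]
    for t in tokens:
        int(t, 16)  # fail early on anything that is not a hex byte
    hexstr = " ".join(t.upper() for t in tokens)
    return (f"rule {name} {{\n"
            f"    strings:\n        $ep = {{ {hexstr} }}\n"
            f"    condition:\n        uint16(0) == 0x5A4D and $ep at entrypoint\n}}")


if __name__ == "__main__":
    with open("onlcrit_dota2.exe", "rb") as fh:  # path assumed; adjust locally
        print("matching IOCs:", matching_iocs(fh.read()))
    print(entry_point_to_yara(ENTRY_POINT_DUMP))
```

Matching on all three digests rather than MD5 alone matters here: MD5 and SHA-1 collisions are practical, so a SHA-256 match is the one to act on, and the YARA string gives a way to catch recompiled variants that share the same entry prologue but none of the hashes.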

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
12/25/2024 3:02:30 PM UTC (the engine versions listed below carry mid-2016 dates, so the detections themselves predate this date)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Dropped:Trojan.Agent.BRML | 209
AegisLab AV Signature | Troj.Spy.W32.Zbot.ld0o | 2.1.4+
AhnLab V3 Security | Trojan/Win32.Ruftar | 2016.05.30
Avira AntiVirus | TR/Spy.ofkj | 8.3.3.4
Arcabit | Trojan.Agent.BRML | 1.0.0.696
avast! | Win32:Malware-gen | 2014.9-160709
AVG | Dropper.Generic7 | 2017.0.2687
Baidu Antivirus | Win32.Trojan-Dropper.Delf | 4.0.3.1679
Bitdefender | Dropped:Trojan.Agent.BRML | 1.0.20.955
Clam AntiVirus | Win.Trojan.Agent-345883 | 0.98/21511
Comodo Security | TrojWare.Win32.TrojanDropper.Delf.SOC | 25135
Dr.Web | Trojan.Packed.20771 | 9.0.1.0191
Emsisoft Anti-Malware | Dropped:Trojan.Agent.BRML | 8.16.07.09.05
ESET NOD32 | Win32/TrojanDropper.Delf.OEF | 10.13567
Fortinet FortiGate | W32/DROPPER.PAG!tr | 7/9/2016
F-Prot | W32/Trojan3.TRB | v6.4.7.1.166
F-Secure | Dropped:Trojan.Agent.BRML | 11.2016-09-07_7
G Data | Dropped:Trojan.Agent.BRML | 16.7.25
IKARUS anti.virus | Worm.Win32.Agent | t3scan.2.0.9.0
K7 AntiVirus | Trojan | 13.226.19749
Kaspersky | Trojan-Dropper.Win32.Delf | 14.0.0.-69
Malwarebytes | Trojan.Agent.DF | v2016.07.09.05
McAfee | BackDoor-FDFL!6A8076194C1C | 5600.6343
Microsoft Security Essentials | Backdoor:Win32/Slingup.A | 1.1.12805.0
MicroWorld eScan | Dropped:Trojan.Agent.BRML | 17.0.0.573
NANO AntiVirus | Trojan.Win32.Usteal.wpkmu | 1.0.30.8482
nProtect | Dropped:Trojan.Agent.BRML | 16.05.30.01
Panda Antivirus | Trj/Genetic.gen | 16.07.09.05
Qihoo 360 Security | QVM41.1.Malware.Gen | 1.0.0.1120
Rising Antivirus | Malware.Generic!yZCe2eML7zD@3 (Thunder) | 23.00.65.16707
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_FSYSNA_EJ130007.UVPM | 7.2.191
Vba32 AntiVirus | Backdoor.DarkKomet | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 49750
ViRobot | Trojan.Win32.A.Scar.451584.A[h] | 2014.3.20.0

File size:
3 MB (3,187,712 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\onlcrit_dota2.exe

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM (not a real build time: this is the fixed value 0x2A425E19, 19 June 1992 22:22:17 UTC, that Borland's Delphi linker writes into every image, shown here in a local time zone)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:Lhu7lN0d88PxiRoabkahO65u74gjyCHdmHC:cH8ZivO6eHdmHC

Entry address:
0x20CC

Entry point:
55, 8B, EC, B9, 0C, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, 9C, 20, 40, 00, E8, 6B, FA, FF, FF, 33, C0, 55, 68, 61, 23, 40, 00, 64, FF, 30, 64, 89, 20, 8D, 55, EC, B8, 78, 23, 40, 00, E8, 44, FE, FF, FF, 8B, 45, EC, E8, 14, FF, FF, FF, 8B, F8, 85, FF, 0F, 8E, 30, 02, 00, 00, BB, 01, 00, 00, 00, 8D, 55, E0, 8B, C3, E8, D3, FE, FF, FF, 8B, 4D, E0, 8D, 45, E4, BA, 84, 23, 40, 00, E8, 63, F6, FF, FF, 8B, 45, E4, 8D, 55, E8, E8, 08, FE, FF, FF, 8B, 55, E8, B8, 80, 46, 40, 00, E8, 3B, F5, FF...

Developed / compiled with:
Microsoft Visual C++ (as reported by the scanner; the linker version 2.25, the fixed 1992 timestamp, the Delphi-style stack-zeroing entry prologue 55 8B EC B9 0C 00 00 00 6A 00 6A 00 49 75 F9 and the Delf detection names above all point to Borland Delphi instead)

Code size:
5 KB (5,120 bytes) of code in a 3 MB file: the executable logic is tiny and the bulk of the image is data, which is what a dropper that carries its payload in resources or an overlay looks like, consistent with the TrojanDropper detections above
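Every field in the PE metadata block above comes straight from the COFF and PE32 optional headers. The following script is an added example (not the page's tooling): it reads those fields from a Win32 image, flags the Borland/Delphi fixed timestamp, and computes the code-to-file ratio that exposes a dropper. The header it builds for its own demonstration is constructed with the values this report lists; it is not the real sample, and the helper names are assumptions.

```python
"""Read the PE header fields this report lists (timestamp, OS version,
subsystem, linker version, entry point RVA, code size) from a Win32 image and
flag the Borland/Delphi fixed timestamp.  Added example with a constructed
minimal PE32 header; not the page's tooling and not the real sample."""
import struct
from datetime import datetime, timezone
from typing import Dict

DELPHI_FIXED_TIMESTAMP = 0x2A425E19  # 1992-06-19 22:22:17 UTC, written by Delphi's linker
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(image: bytes) -> Dict[str, object]:
    """Walk DOS header -> PE signature -> COFF header -> PE32 optional header.
    Offsets follow the PE/COFF specification; raises ValueError on non-PE32 input."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, _chars = \
        struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    magic, major_linker, minor_linker, size_of_code = struct.unpack_from("<HBBI", image, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    (entry_rva,) = struct.unpack_from("<I", image, opt + 16)   # AddressOfEntryPoint
    major_os, minor_os = struct.unpack_from("<HH", image, opt + 40)  # OS version
    (subsystem,) = struct.unpack_from("<H", image, opt + 68)     # Subsystem
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp": timestamp,
        "compiled": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "delphi_fixed_timestamp": timestamp == DELPHI_FIXED_TIMESTAMP,
        "os_version": f"{major_os}.{minor_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{major_linker}.{minor_linker}",
        "entry_address": f"0x{entry_rva:X}",
        "code_size": size_of_code,
    }


def code_fraction(code_size: int, file_size: int) -> float:
    """Share of the file occupied by code; a tiny value means the bulk is data (payload)."""
    return code_size / file_size


def build_sample_header() -> bytes:
    """Constructed PE32 header carrying the values this report lists; not the real sample."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew: PE header follows DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, DELPHI_FIXED_TIMESTAMP, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 25, 5120)      # PE32 magic, linker 2.25, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x20CC)                    # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 4, 0)                     # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                         # Windows GUI subsystem
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_header())
    for k, v in hdr.items():
        print(f"{k}: {v}")
    print("code fraction:", code_fraction(hdr["code_size"], 3_187_712))
```

Run it against a real file by replacing `build_sample_header()` with the bytes of the image; the timestamp check is a cheap way to tell a Delphi build apart from the Visual C++ attribution the report gives, and a code fraction well under one percent is the dropper signature discussed above.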

The file onlcrit_dota2.exe has been seen being distributed by the following URL.

Remove onlcrit_dota2.exe - Powered by Reason Core Security