osbuddy install.exe

The executable osbuddy install.exe has been detected as malware by 24 anti-virus scanners. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from download1857.mediafire.com.
Version:
0.0.0.0

MD5:
5714e69b8ed958226fefaff133753ded

SHA-1:
93b3ddd01e1e7a5aa10350ed2a2b40311fd524b7

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
11/23/2024 12:21:51 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.532344 | 257
Agnitum Outpost | Trojan.Kryptik | 7.1.1
AhnLab V3 Security | Trojan/Win32.Agent | 2015.03.13
Avira AntiVirus | TR/Crypt.Xpack.140580 | 7.11.216.120
avast! | MSIL:Crypt-VO [Trj] | 2014.9-160523
AVG | MSIL6 | 2017.0.2735
Bitdefender | Gen:Variant.Kazy.532344 | 1.0.20.720
Emsisoft Anti-Malware | Gen:Variant.Kazy.532344 | 8.16.05.23.03
ESET NOD32 | MSIL/Kryptik.AUO (variant) | 10.11309
Fortinet FortiGate | W32/Fsysna.AUO!tr | 5/23/2016
F-Secure | Gen:Variant.Kazy.532344 | 11.2016-23-05_2
G Data | Gen:Variant.Kazy.532344 | 16.5.25
IKARUS anti.virus | Trojan.Win32.Fsysna | t3scan.1.8.6.0
K7 AntiVirus | Trojan | 13.200.15243
Kaspersky | Trojan.Win32.Fsysna | 14.0.0.169
Malwarebytes | Backdoor.Agent.LDRGen | v2016.05.23.03
McAfee | RDN/Generic.dx!djg | 5600.6391
MicroWorld eScan | Gen:Variant.Kazy.532344 | 17.0.0.432
NANO AntiVirus | Trojan.Win32.Fsysna.docfmw | 0.30.0.296
Qihoo 360 Security | Win32/Trojan.3fe | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_FORUCON.BMC | 7.2.144
Trend Micro | TROJ_FORUCON.BMC | 10.465.23
VIPRE Antivirus | Trojan.Win32.Generic | 38360

File size:
880 KB (901,120 bytes)

Product version:
0.0.0.0

Original file name:
OSBuddy v.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\robby\mijn documenten\downloads\osbuddy install.exe

File PE Metadata
Compilation timestamp:
1/9/2015 12:34:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:2ii2pMGewUEL+BBhGQmhJhSHL0DgpSVe5zNjRRJPN9y:7fvqBBIBhSxp4GRRJPa

Entry address:
0xC66FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
788 KB (806,912 bytes)

The file osbuddy install.exe has been seen being distributed by the following URL.
