pbiiuvda.exe

The executable pbiiuvda.exe has been detected as malware by 4 of the 68 anti-virus scanners it was submitted to. It runs as a Windows service with the display name “Event IKE Wired Network”. While running, it connects to the Internet address LASLAJAS (201.54.42.7) on TCP port 43319.
MD5:
e0b64f17a9d3bd61cdeffd9d8ad9e6ff

SHA-1:
4ed4f293477173e116cf9e48a08ae6e74deaee1b

SHA-256:
bfc13651373c2b94352bdf771d7d5409c30fceae6450531379323e7c06c744e7

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/23/2024 12:36:35 AM UTC

Scan engine    Detection                    Engine version
avast!         Win32:Malware-gen            160917-0
Dr.Web         Trojan.DownLoader22.58485    9.0.1.05190
ESET NOD32     Win32/Bayrob.BS trojan       6.3.12010.0
F-Secure       Variant.Zusy.189044          5.15.154

File size:
1.9 MB (1,981,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\pbiiuvda.exe

File PE Metadata
Compilation timestamp:
6/15/2014 5:23:41 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x180205

Entry point:
E8, 45, 90, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, 11, 5A, 00, E8, 05, 54, 00, 00, E8, C5, 68, 00, 00, 0F, B7, F0, 6A, 02, E8, D8, 8F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A7, 04, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, 22, 01, 00, 00, 59, E8...

Code size:
1.6 MB (1,682,944 bytes)
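The hashes, compilation timestamp, linker and OS versions, subsystem and entry-point bytes above are all read directly from the file. The following script is an added example, not part of this listing or of Reason Core Security's tooling: it hashes a candidate file, compares the digests with the ones listed here, parses the PE headers for the same fields the listing shows, maps the entry-point RVA (the listing's "Entry address" is taken to be AddressOfEntryPoint, an RVA relative to the image base, which is an assumption) to a file offset through the section table, and checks whether the bytes there start with the listed entry-point sequence. The sample PE it builds for a dry run is constructed to mirror the listed metadata and is not the real malware; run it against a real file by passing the path as the first argument.

```python
import hashlib
import re
import struct
from datetime import datetime, timezone

# Hashes and entry-point bytes as listed on this page for pbiiuvda.exe.
KNOWN_HASHES = {
    "md5": "e0b64f17a9d3bd61cdeffd9d8ad9e6ff",
    "sha1": "4ed4f293477173e116cf9e48a08ae6e74deaee1b",
    "sha256": "bfc13651373c2b94352bdf771d7d5409c30fceae6450531379323e7c06c744e7",
}
ENTRY_POINT_HEX = ("E8, 45, 90, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, 11, 5A, 00, "
                   "E8, 05, 54, 00, 00, E8, C5, 68, 00, 00, 0F, B7, F0, 6A, 02")
ENTRY_POINT_BYTES = bytes(int(t, 16) for t in re.findall(r"[0-9A-Fa-f]{2}", ENTRY_POINT_HEX))
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def hash_bytes(data):
    """MD5/SHA-1/SHA-256 of a buffer, in the lowercase hex form the listing uses."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def matching_hashes(digests, known=KNOWN_HASHES):
    """Names of the algorithms whose digest equals the listed indicator."""
    return sorted(n for n, v in digests.items() if known.get(n) == v.lower())


def parse_pe(data, entry_len=32):
    """Read the PE header fields shown in the listing straight from the raw bytes.

    Works for PE32 and PE32+: every field read here sits at the same optional-header
    offset in both. AddressOfEntryPoint is an RVA, so it is mapped to a file offset
    through the section table before the entry bytes are read.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsec, tstamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link = struct.unpack_from("<HBB", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    entry_off = None
    for i in range(nsec):  # section headers follow the optional header, 40 bytes each
        _name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        if va <= entry_rva < va + max(vsize, rawsize):
            entry_off = rawptr + (entry_rva - va)
            break
    return {
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).isoformat(),
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_file_offset": entry_off,
        "entry_bytes": b"" if entry_off is None else data[entry_off:entry_off + entry_len],
    }


def triage(data):
    """Compare a file's hashes and entry-point bytes against the listing's indicators."""
    info = parse_pe(data)
    digests = hash_bytes(data)
    return {
        **info,
        "hashes": digests,
        "matching_hashes": matching_hashes(digests),
        "entry_prefix_match": info["entry_bytes"].startswith(ENTRY_POINT_BYTES),
    }


def build_sample_pe():
    """Constructed minimal PE32 mirroring the listed metadata; NOT the real sample."""
    ts = int(datetime(2014, 6, 15, 17, 23, 41, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                  # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 12, 0)                    # PE32, linker 12.0
    struct.pack_into("<I", opt, 16, 0x180205)                         # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)        # ImageBase, alignments
    struct.pack_into("<HH", opt, 40, 5, 1)                            # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)                                # Windows GUI
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x180000, 0x400, 0x400, 0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + bytes(opt) + sec).ljust(0x400, b"\0")
    text = bytearray(0x400)
    text[0x205:0x205 + len(ENTRY_POINT_BYTES)] = ENTRY_POINT_BYTES   # RVA 0x180205 -> offset 0x605
    return headers + bytes(text)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in triage(blob).items():
        print(f"{k}: {v.hex() if isinstance(v, bytes) else v}")
```

A hash match identifies this exact build only; the entry-point prefix survives rebuilds that share the same runtime startup stub, so it matches more broadly but also matches unrelated programs built with the same toolchain and is a lead, not a verdict. The timestamp is reported in UTC; the listing does not say which time zone its value is in.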

Service
Display name:
Event IKE Wired Network

Type:
Win32OwnProcess, InteractiveProcess


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to LASLAJAS  (201.54.42.7:43319)

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.119:80)

TCP:
Connects to static-201-244-94-42.static.etb.net.co  (201.244.94.42:20446)

TCP:
Connects to serial.autovision.gr  (212.205.99.88:40510)

TCP:
Connects to ppp-110-103.15-151.wind.it  (151.15.103.110:32416)

TCP:
Connects to nsg-static-90.61.75.182-airtel.com  (182.75.61.90:31189)

TCP:
Connects to net-91-81-114-207.cust.vodafonedsl.it  (91.81.114.207:25550)

TCP:
Connects to ip81-194-64-186.ct.co.cr  (186.64.194.81:27121)

TCP:
Connects to ip-190-53-35-75.ni.amnetdatos.net  (190.53.35.75:35383)

TCP:
Connects to imi-48.imi.net.mx  (148.245.105.48:38099)

TCP:
Connects to host-181-198-193-161.netlife.ec  (181.198.193.161:20215)

TCP:
Connects to fixed-187-189-144-41.totalplay.com.mx  (187.189.144.41:29128)

TCP (HTTP):
Connects to ec2-52-0-217-44.compute-1.amazonaws.com  (52.0.217.44:80)

TCP:
Connects to dup-201-113-227-214.prod-dial.com.mx  (201.113.227.214:39506)

TCP:
Connects to customer-TOR-187-8.megared.net.mx  (177.228.187.8:51632)

TCP:
Connects to customer-TOLU-104-253.megared.net.mx  (177.247.104.253:33517)

TCP:
Connects to customer-GDL-66-193.megared.net.mx  (177.240.66.193:25424)

TCP:
Connects to client.rdsnet.ro  (86.124.79.30:23777)

TCP:
Connects to cable_66_119_133_116.tpia.dido.ca  (66.119.133.116:39382)
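The peers above are mostly consumer ISP address pools (the reverse-DNS names contain ppp-, cable_, customer-, prod-dial and similar), reached on high, non-standard TCP ports, while the two port-80 destinations sit on shared hosting infrastructure (prolexic.com, an EC2 host). Addresses like these change quickly, so the script below, an added example that is not part of this listing, matches connection logs on the exact IP:port pairs listed here, downgrades a hit on a listed IP with a different port and on the shared port-80 hosts to weaker verdicts, and adds a behavioural check that does not depend on the addresses at all: one internal host fanning out to several distinct public peers on high ports. The log format and the sample lines are constructed for the example; adapt parse_line to your firewall or NetFlow export.

```python
import ipaddress
import re
from collections import defaultdict

# Destination IP:port pairs from this page's "network communications" list.
C2_ENDPOINTS = {
    ("201.54.42.7", 43319), ("201.244.94.42", 20446), ("212.205.99.88", 40510),
    ("151.15.103.110", 32416), ("182.75.61.90", 31189), ("91.81.114.207", 25550),
    ("186.64.194.81", 27121), ("190.53.35.75", 35383), ("148.245.105.48", 38099),
    ("181.198.193.161", 20215), ("187.189.144.41", 29128), ("201.113.227.214", 39506),
    ("177.228.187.8", 51632), ("177.247.104.253", 33517), ("177.240.66.193", 25424),
    ("86.124.79.30", 23777), ("66.119.133.116", 39382),
}
# The port-80 destinations are shared infrastructure; benign traffic can reach them too.
HTTP_ENDPOINTS = {("72.52.4.119", 80), ("52.0.217.44", 80)}
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}

# Constructed sample connection log (not from the page): "<ts> <src>:<sport> -> <dst>:<dport> <proto>".
SAMPLE_LOG = """\
2024-11-23T00:36:35Z 10.0.0.5:49152 -> 201.54.42.7:43319 TCP
2024-11-23T00:36:36Z 10.0.0.5:49153 -> 72.52.4.119:80 TCP
2024-11-23T00:36:40Z 10.0.0.5:49154 -> 182.75.61.90:8080 TCP
2024-11-23T00:36:41Z 10.0.0.5:49155 -> 212.205.99.88:40510 TCP
2024-11-23T00:36:42Z 10.0.0.5:49156 -> 91.81.114.207:25550 TCP
2024-11-23T00:36:43Z 10.0.0.5:49157 -> 203.0.113.9:31000 TCP
2024-11-23T00:37:01Z 10.0.0.7:51000 -> 52.0.217.44:80 TCP
2024-11-23T00:37:05Z 10.0.0.7:51001 -> 93.184.216.34:443 TCP
2024-11-23T00:37:06Z 10.0.0.7:51002 -> 10.0.0.20:445 TCP
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$")


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev


def ioc_verdict(ev):
    """Strongest indicator verdict for one connection, or None."""
    key = (ev["dst"], ev["dport"])
    if key in C2_ENDPOINTS:
        return "c2_endpoint"          # exact IP:port from the listing
    if ev["dst"] in C2_IPS:
        return "c2_ip_other_port"     # listed peer, different port: worth a look, not proof
    if key in HTTP_ENDPOINTS:
        return "shared_http_infra"    # weak on its own; escalate only with another hit
    return None


def scan(log_text, fanout_threshold=4):
    """Return indicator hits and hosts that fan out to many public peers on high ports."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    hits = [(e["src"], e["dst"], e["dport"], v) for e in events if (v := ioc_verdict(e))]
    peers = defaultdict(set)
    for e in events:
        if e["proto"] == "TCP" and e["dport"] > 1024 and ipaddress.ip_address(e["dst"]).is_global:
            peers[e["src"]].add(e["dst"])
    fanout = {src: sorted(ips) for src, ips in peers.items() if len(ips) >= fanout_threshold}
    return {"hits": hits, "fanout": fanout}


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for src, dst, dport, verdict in result["hits"]:
        print(f"{verdict:18} {src} -> {dst}:{dport}")
    for src, ips in result["fanout"].items():
        print(f"fan-out: {src} reached {len(ips)} public peers on high ports")
```

Tune fanout_threshold to the window you scan and to what the host normally does; a desktop talking to four unrelated residential addresses on ports in the 20000-52000 range inside a minute is unusual, but a BitTorrent client or a VoIP phone will trip the same rule, so pair it with the service name and file hash from the sections above before calling it an infection.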

Remove pbiiuvda.exe - Powered by Reason Core Security