pendrivebooter v3.6.12.1214.exe

The executable pendrivebooter v3.6.12.1214.exe (“PendriveBooter v3.6”) has been detected as malware by 6 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from internode.dl.sourceforge.net.
Description:
PendriveBooter v3.6

Version:
3.6.12.1214

MD5:
b33a8b3ed70052ee3c0708cc4ad28455

SHA-1:
9721129f24b05b47fe6b6c12fe1736eecd709f79

SHA-256:
3fa1b476ac7d426984f63773c3910c58533c9d38032449c52344943a94764a61

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/27/2024 2:32:38 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Malware-gen | 2014.9-150220 |
| Bkav FE | HW32.Packed | 1.3.0.6267 |
| Dr.Web | Trojan.KillProc.30343 | 9.0.1.051 |
| NANO AntiVirus | Trojan.Win32.KillProc.dltkay | 0.30.0.64448 |
| Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1015 |
| Trend Micro House Call | Suspicious_GEN.F47V1215 | 7.2.51 |

File size:
2.7 MB (2,868,179 bytes)

Product version:
3.3.12.0

Copyright:
Shakib Software

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pendrivebooter v3.6.12.1214.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:4VK5yCAhR/vyaxcBCHSfmPyvSnHzj4I9KaWzxt3dz5TW/L2rx6hW:4A5yhhR/KL0imPxn4I9pW1nK/e6

Entry address:
0x19760

Entry point:
55, 8B, EC, B9, 0F, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, 98, 96, 41, 00, E8, CB, D0, FE, FF, BF, AC, B9, 41, 00, 33, C0, 55, 68, E4, A5, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 99, A5, 41, 00, 64, FF, 32, 64, 89, 22, B8, A0, DD, E1, 00, 8B, 15, 7C, 86, 41, 00, E8, 0E, C2, FE, FF, B8, A4, DD, E1, 00, 8B, 15, 9C, 86, 41, 00, E8, FE, C1, FE, FF, A1, 50, BB, 41, 00, C6, 00, 00, 8D, 55, EC, 33, C0, E8, 3C, 96, FE, FF, 8B, 55, EC, B8, EC, DA, E1, 00, E8, 4F, 99, FE, FF, 33, C0, 55...
 
Developed / compiled with:
Microsoft Visual C++

Code size:
102 KB (104,448 bytes)

The file pendrivebooter v3.6.12.1214.exe has been seen being distributed by the following URL.
