pivot_v4-1.exe

Gabidigu

Motus Software Ltd

The executable pivot_v4-1.exe, “Gabidigu Setup ” has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.bytesignbundles.com and multiple other hosts. While running, it connects to the Internet address 92b91b2d.rdns.100tb.com on port 80 using the HTTP protocol.
Publisher:
Ladagag   (signed by Motus Software Ltd)

Product:
Gabidigu

Description:
Gabidigu Setup

MD5:
f215807299ec48b5e7d1a84e764d2ed0

SHA-1:
5953c0c59f9f84046ee04aa87463be5b9fd2853d

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/25/2024 4:14:53 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
(M)
16.6.6.21

File size:
1014.1 KB (1,038,424 bytes)

Product version:
2.0.9

Copyright:
program

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\pivot_v4-1.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/8/2016 11:48:52 AM

Valid to:
1/8/2017 11:48:52 AM

Subject:
CN=Motus Software Ltd, O=Motus Software Ltd, L=Lewes, S=East Sussex, C=GB

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B33255C25F08D556D0D742D2C9C32DE3

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:pq36j4psY63Jx8YrTLhzKsKpiIK8/r4Oq+pHDVfy/iE2vm:pS6syt37NPk/O8/WejVfyN

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file pivot_v4-1.exe has been seen being distributed by the following 50 URLs.

http://www.bytesignbundles.com/WVl6OTRQVkkzWWxsaE1uVTRNSFpITTB4QldVcG1UVGx3VGtKME9HcHpNeVV5Um5FeVRVTndSRlJtTlcxclJYTmhSU1V6UkNaalBWUkxiR1pCV2lVeVJtMVNjSEUwYVhkNGRGRlZTM2czTWxWWVlrRlZkV3R2V2tod1pGUktTbWw2TjBvd1IyYzFjamtsTWtZeWVWWTJkbXRCVFdsaWJrUlVNRUYyYzJkMU9ETk1iRFJyTURNemRVVXljbVpLYjBGck0wazRjVEZLSlRKR01uaElWMjV2UTFJMFR6UnViMVpuYnpnM2QwMUdWek5VUzFRd01YcHllbGc1YzBkS0pUSkdRMDh6TkVSTGJWcFNhRGRNVEhSNVNVb3hVV1puSlRORUpUTkVKbVU5TUNaa2IzZHViRzloWkVGelBYQnBkbTkwWDNZMExURXVaWGhsSm1aaGJHeGlZV05yWDNWeWJEMW9kSFJ3SlROQkpUSkdKVEpHZDNkM0xtbHliMjV6Y21NdVkyOXRKVEpHZEdWemRDNWxlR1U9

http://www.bytesignbundles.com/WVl6OTRQVmd6WlhSVGVGUkVNVFZWVFRkamN6aHZjWFZ1WkZoRE9WUjVRa3A0TVdSS1ZWUnFkVlZpT1ZFMWFHY2xNMFFtWXoxNWFEbEhlazFOVmtOb2JuWnRKVEpHVURaRVVFeGtSMjQ1T1ZOQmFWTjJVSE42TTFCTVRsUjJiSFZvTlhKc1JuYzNZVlpUSlRKQ016WnlPRlJYVW5KdU5YUjZabHAyYldoVVVXNDBUR2cySlRKQ1pHRldhbkpPVEZaVVEyMXpaRWsxTkNVeVFuRWxNa0owTkdsaE5rcElkV1poYVVoaWJHbFJRVmhIV0dJNFpXNTBNME5TWW5WRWFtaDFZbWtsTWtZeVZqZFRSbTFhTUZWRVFYQkpVRlZEWjFFbE0wUWxNMFFtWlQwd0ptUnZkMjVzYjJGa1FYTTljR2wyYjNSZmRqUXRNUzVsZUdVbVptRnNiR0poWTJ0ZmRYSnNQV2gwZEhBbE0wRWxNa1lsTWtaM2QzY3VhWEp2Ym5OeVl5NWpiMjBsTWtaMFpYTjBMbVY0WlE9PQ==

http://www.bytesignbundles.com/c?x=B63SbfbdppoqQicP2ZBsLhWQXasQGEtGoKHTp8pdXIM=&c=KbzGj8e5CFuLCdees3thO9CekCfMNZByWkDCn 2aTowuH/03J0j7MhxvHxUE9X6GhTGifAZoFDDDKrrQOXY9ljCgAvvw94fa rEqmPy4Xvs0lLcPneqfeYCG1SF69iENrIsbEuALIv4XgOshE0O5gmFJE9Ty y2XqmNN2ORQRPM=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://www.bytesignbundles.com/WVl6OTRQV1IxSlRKR2J6bHdRbFpPT1hWSFJUUmFVVGtsTWtaeE9WSlJkMnBTYm1GM1UwbDNKVEpHTVdzNVpUWWxNa1pHUXpRM1JTVXpSQ1pqUFdScFlWSnVSRUpUYTBNbE1rWkVkR1ZvT1cxaU4wdGhUazU1WW5OSUpUSkNla1pHTVU1U1kwTjBOV2t4TnpscVJYVlljVzkwY1RKdE5scG9ZamRFVWtaU2JHUkRVSEEwTTFOWE5HZEZNV1ZQTmpsa09GWldTazVXUW1KTWFtVjBiRmhaVG01NloxaDRXVUlsTWtaa1JFUnFiekpZYjA4d01XdFdTakJRUjFZMFNtNDVXRWRNWVd4aFkyZEtlVlJ3T0VwcWJWTTRiMjkxVGxGRVp5VXpSQ1V6UkNabFBUQW1aRzkzYm14dllXUkJjejF3YVhadmRGOTJOQzB4TG1WNFpTWm1ZV3hzWW1GamExOTFjbXc5YUhSMGNDVXpRU1V5UmlVeVJuZDNkeTVwY205dWMzSmpMbU52YlNVeVJuUmxjM1F1WlhobA==

http://www.bytesignbundles.com/WVl6OTRQV3h4V0daUGFXNVJURVpSTWtGU1ZIVnBSR1J6TVZsRFpreHpUV3RKYmtsNlZYWkZURVZSVUdGWU1EUWxNMFFtWXoxQmNYSTJkVVkyU2pkbVYxTlhWMk0yZGxWaVFYVkpVRVprUW5Zd1pUUllUREpqVDNWT1pEQmthbVZNWjB3eU9IcHBZamxaT0hJeldVUkVXR0ZMZVZabVZHSmFUbTF6UTJSWmJTVXlRbVp1VmlVeVFuSnhkRzF4YWtkR1ZUbDNkMU5MZVVkRE4xTmhSMnRZVkZwYUpUSkdORVY1UVV4d1F6QlFiRzU1VFdKSk5VdHpORzgwVkVoc2VWQjBZMHB6WWtSak5rcDFPRzFIYjB0cmNHY2xNMFFsTTBRbVpUMHdKbVJ2ZDI1c2IyRmtRWE05Y0dsMmIzUmZkalF0TVM1bGVHVW1abUZzYkdKaFkydGZkWEpzUFdoMGRIQWxNMEVsTWtZbE1rWjNkM2N1YVhKdmJuTnlZeTVqYjIwbE1rWjBaWE4wTG1WNFpRPT0=

http://www.bytesignbundles.com/c?x=oaZ6TCJ7qCYGKjMEghxknVwamEpiQ9ILXr2JzxmCoy4=&c=xImSQtVhOqelf3hvbJC4QuUE5ZC1t7nCJR7pZ38K5 oj/NLXQOB9yqyU8w/hMS9qCpeIpUqn/rwH6U6l6VyTgMdoG L2qQfNxWuwEObXt4rvVX90F4RvZw9xscp Qc1KOPkqD12EiVmwOJhukUOtrBM8QroVG8OwU7T2q7b2bgY=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://www.bytesignbundles.com/WVl6OTRQWFppTUZSS1ZUSlFRemRwUjJsTlNubDZiRmR0ZWtnbE1rSnFhMGRHWjFveWRFdDZWa1pVVW1saFlYVnRVU1V6UkNaalBXMVFTWGw0VGxreVRWaDJhWEJ5ZWtSRmExRnpSVFY2V2pBMmQyOTZSRlJGTURCWU5uUXhPWEYwZW14SWRITmphSEZuWWpoVVN6aEdlVE54Y2pFMVowdzNVMFpGVW05d2RWSXpPV1ZuUVhoNVp6SmhOM2MxVG5saWRsb3pVV3RYUzFsMVQxcFFaM1pJY2pORVRVODJXamwyWW5SbFVEWjRTVUZhYTFWM1YzVnZUREIwVVhGalNFTkVNVk5XYmlVeVFucHZUMjlWZFRaM0pUTkVKVE5FSm1VOU1DWmtiM2R1Ykc5aFpFRnpQWEJwZG05MFgzWTBMVEV1WlhobEptWmhiR3hpWVdOclgzVnliRDFvZEhSd0pUTkJKVEpHSlRKR2QzZDNMbWx5YjI1emNtTXVZMjl0SlRKR2RHVnpkQzVsZUdVPQ==

http://www.bytesignbundles.com/c?x=uDZ7aDOP3CZuqgPOs/PjcqPK3kVQ0rD6I8XRZeF2B2w=&c=8u3MKyI8FVWsRNWBc5CsvFXqTl F7prrPn0y/AD20vZphFnoOEB7XDDySJsu1 nX/fE0GNzl9Mu3r7zeo5rgatIqdXdZoNi nIUPVwuOjYzFfPjuIrfY4n4yiE094JVYcbTRwkos/Y6 IW/v vyrM2Zq15AnzTHSS8EfPtXLuQM=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://www.bytesignbundles.com/WVl6OTRQVTgwY2s4NWNVWnJZWEFsTWtJM2JGaHlVMWR4TWtOVUpUSkNKVEpHZW1wdWF5VXlRbGt4WVcxeVkyUlZkRVpoZDNCVk9DVXpSQ1pqUFV0U01uaG1jRmhPVlhsQlJreHFiRzVJUkVwUVVqVlJXVVJKVlVWMlRtdGhaMlk0U0ZkeFNYbFZlV04zTkU5M2FXOXNkMFpHVDFWWlFsQjVkakJLTUdvd1RVczNRMHBRWjBNeGRUUkpXRkZOVjBSa1J5VXlRbklsTWtadlEyTkNKVEpDUTNKRldXcGpORmRxUTFGaFJraHJTMnBEYkdsUUpUSkdkSHB2Wm1nd1dWQjZTelUwVUdGamJEbExSVTFETVdwclprcDJVSEk0VFdKeFlXOUJKVE5FSlRORUptVTlNQ1prYjNkdWJHOWhaRUZ6UFhCcGRtOTBYM1kwTFRFdVpYaGxKbVpoYkd4aVlXTnJYM1Z5YkQxb2RIUndKVE5CSlRKR0pUSkdkM2QzTG1seWIyNXpjbU11WTI5dEpUSkdkR1Z6ZEM1bGVHVT0=

http://www.bytesignbundles.com/WVl6OTRQVFJsWW5Cd2J6Qmpha0pKTlNVeVJrdFFhbTkwVldwbE0ybE1VMFJ5VkV4NWRYaDJkbTFFTmpkc1VraDNUU1V6UkNaalBXUkhSRmhOSlRKR1oySlZSbUpXZW1Sb1JtOTZWblYxZWtKRVlVZHBTelZsUzBOT01rcE9SMEpVWWtOMVRrSnRka1UzVHpkS1JucHdjekZ5TjJreU1XTTVZakZRWjJabFNXTkNSakpaUjFGWU9EWlpiRlo0WVRGc1VuaFhkRFp6UVhZeVFsbHpOWEZPTTBwd01YRmhZV3BuUTAxRVptVnVKVEpDU0ZCbWFYUk9ZVTVhUjJKdWNIRmpWMjUzYzFaM0pUSkNVWFY2TmxFbE1rSlVabXQzSlRORUpUTkVKbVU5TUNaa2IzZHViRzloWkVGelBYQnBkbTkwWDNZMExURXVaWGhsSm1aaGJHeGlZV05yWDNWeWJEMW9kSFJ3SlROQkpUSkdKVEpHZDNkM0xtbHliMjV6Y21NdVkyOXRKVEpHZEdWemRDNWxlR1U9

http://www.bytesignbundles.com/c?x=x7/X/2p2rQy8FE1lrn31pJehw4CJb2fds9oyQhWUaTI=&c=zcfEBl2QscqG6zkFcUIjlfrenBefz3gvX/VCwe4jNq9neSAQLTbHY2gIrz/ UdCOES/UvYfgCtm2n0I1l/JJ/xrxK2BNQrBH4tPl6rOSrjoaZp ki/1nLir7bnVaRL9NyhabWCMDpxgjYcgDuWIeTHrgzGDmot6kNtHS0ajP4Wo=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://soft.mydiv.net/win/dlfile28e3c_297570/.../pivot_v4-1.exe

http://www.bytesignbundles.com/c?x=iTmRZwGNSWW2dVREf7yMwO5VymhCxXSQqgRzZekl8Lw=&c=zip6oGds3srkBeS81KQo0WH1CjjRNNhVKepOg5N 04ya2BzJ5iKPowQt6tDs/JyUyEsXBh8G7ib9IZ7n657mun GVRB4H7qHH4wBSnwsIDcDg7PpzQ4tAEcyLwJIXpXha8dzJX7 gs0aqHNmMvTVWqiVN9gS6E27SOEm3lZjcrM=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://www.bytesignbundles.com/c?x=GqcMOlLx8vLUH7vubaqt VpuCPzJZsWbpo/jnkKEI1M=&c=jznzA9zvLpSwC1IYqKY7CdJvYAAXxCa2HHYB9EybTKjdxWtdjfTrCj/qCI71bCII9PwTqyMgkdDvcwmlknbLUZq76fhXAiRMQFDRlu7O4jHLInRlDnpbEF8mdCSQoDB8eMyJGVnCQ9tPvplMXXuPYKtUCnhKaYqF1D5jJIne0CE=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://www.bytesignbundles.com/WVl6OTRQV2RPYldJbE1rSktXRWxzTTNGcFNVMW9kVzl6ZWpSQ2N6QnRZMXAyU0hselRXNXVhRFZNVDBsaVZHTjNPQ1V6UkNaalBYWTVkMEVsTWtKdE9TVXlRbFZrYkVSYVVteENRbWhhVEVjd1dVTnZaVkFsTWtZbE1rSnFSbkpOVEZkbkpUSkNjMWRuYzJRMWMxTkJTWEY2V0U5WVVuQjZOVVV3T0dOdlJtZEdXRGRyYjBnMVVqRTJiVkF6V1RJbE1rWm9SRlpUUmxOU0pUSkdKVEpHZWxaWWRVVTVjbmRvTXlVeVFqZDZXRXBoVld0V1ZtOTZOVlprUkVsbE1tbHlibk5tVkdadk9VMTNabFpuYVU5dVVHaENVVUZyVEhOSU9FVTFlRVJzZHlVelJDVXpSQ1psUFRBbVpHOTNibXh2WVdSQmN6MXdhWFp2ZEY5Mk5DMHhMbVY0WlNabVlXeHNZbUZqYTE5MWNtdzlhSFIwY0NVelFTVXlSaVV5Um5kM2R5NXBjbTl1YzNKakxtTnZiU1V5Um5SbGMzUXVaWGhs

http://www.bytesignbundles.com/WVl6OTRQVWN6U3pWRVFXVXdSVGhTUmxwc1FXNUZjek5yT1RORGVsZHhOM2RUYWlVeVFuTlRXV2ROYzB3emVrUjFZeVV6UkNaalBVVmlRak5CTm1OQmR6UnNiV05JYW1SSVdVTnljRGQ0YkdjNVpFNWlhRXRtWjBjeFJqSmhhRU5UY0RoamJVZDJXbkpzYmtoSE5UZFBUSEZSV2xWclNuWnVTbE51WWpSdlltNDNjV1kzUVU5b2IwTk5SMVJKY2twRlp6ZzFXRTlRVGxaWWNUTkpXR3hhVDNsSFRVSnVaMmhNTVRWc2JVMGxNa0p5U2s4eFRVZERaelowWVdsMkpUSkNZV00wWm04MFUxaG5UM3BvUTNKeVYyY2xNMFFsTTBRbVpUMHdKbVJ2ZDI1c2IyRmtRWE05Y0dsMmIzUmZkalF0TVM1bGVHVW1abUZzYkdKaFkydGZkWEpzUFdoMGRIQWxNMEVsTWtZbE1rWjNkM2N1YVhKdmJuTnlZeTVqYjIwbE1rWjBaWE4wTG1WNFpRPT0=

http://www.bytesignbundles.com/c?x=0pfhVJOPDV2ZF5DPtwcMBDiY87bRQTj//BpMBqUXw6k=&c=8vlntzzSABStyaE2yJPpgayG1HNXoEPi7ioTMfUGHDgTsc9hW5RJyhhfnZCuIk2rE4z2Aota1h3ZFIx3wHNdLDcyfxQtBj4OOYHI Z0fStl4uJg2VPtIx7zLSAW/GTUcS5EvKrhsjZeVpbRQVZiBkdfRv3 aLRcHbIjGy8SgKYU=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://www.bytesignbundles.com/c?x=tnkjK7jnPXNDw1nCXI4O8Ba3G1KK2Ceill2MocOXKtA=&c=jxOrmREQmeWaPIxMYdPxNRuFquOnub6CM70d9ZkNqG zsf4ncSmk8Ihv9dMcnBRG lwfKxEcr9tLP8tVIqXA2D4G5MONekL63SvEafGyiRojkufkxTc1O/VeX6XyoiJqQEulh4b5y6s3ECX/tpKrquYZS7iI7aOc12XVv Ft3wE=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://www.bytesignbundles.com/WVl6OTRQVTlTZEZsWVFYWnBUVWRNYURkWlEyWlRUa2xtSlRKR1JUTmtXVVVsTWtaR09FMXdiRVZUV0ZnMmRFNXZTMHBWSlRORUptTTlTMmwxZUVKM1dtUk9OblpzZWpoa1UwWlJjalZvZVVrNVVuaDNha1pCWlVrMmRWcFVTRWQyVGxwSGREQTJkRFpTT1hWRGRXeEZSVUpJYkNVeVJrRlJjMm95ZGs1NlNuSkRSMmsyT1c1TFFUVjBjMFEwVERNbE1rWktWRkIzVVhWbGJFUm5kREl6Vm1rbE1rSkxjM1ZPZGpkSVJtNXRaWEJoVlVsaVZqZEdiSEZIVUhkNGFtMVJhVWszYVZKV1Z6bElOV2xuZUVnMWQweFhORTVCSlRORUpUTkVKbVU5TUNaa2IzZHViRzloWkVGelBYQnBkbTkwWDNZMExURXVaWGhsSm1aaGJHeGlZV05yWDNWeWJEMW9kSFJ3SlROQkpUSkdKVEpHZDNkM0xtbHliMjV6Y21NdVkyOXRKVEpHZEdWemRDNWxlR1U9

http://www.bytesignbundles.com/c?x=ac9T4PWLEXuxtO/0PKUKaTB9a2dpZFF0RjVbZbCSTYE=&c=748KbSbvY6Shqa22iTCaRIH9twZbVpzqgI1qbGdV ddyXXnOkHk3c w4Kt/x7F6BwkLIEl0iKFIiEoTpDJmeOmZbbCtSSA2/RXahpznxg4aYi1ifm/ErknLOnYy4MCUg9jn nvJDzJ18bAi9IQjoB73CMguMJzuP20O5lSygYOs=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://www.bytesignbundles.com/WVl6OTRQVTVuYXlVeVJtSTBaVTlGVVU1YVZGWkZSbXhuZW1wV0pUSkNkWGR4VW1oRVpFNWhSa3hrZDNkbU0wMDFibTF6SlRORUptTTliVmRwWms1dWVteHpTM0FsTWtKalpXTnhTMVJTWXpKRVJUbDVWRFpMUW5wS1JtVk5KVEpHV1RVeVptWm5hRE5XVmxZbE1rSlNSbEE1ZWtob05scFpPSGd6YVVSVWRHbExaM2t3Y1hac2FsUWxNa1o2WVZocU1XUlFVVFZuTjBOVVNtTk9NbGwzYVNVeVFrRmFhemRGZEdZeGEybzFZVTgzUTB0bFdrVmtNRFp5V1hnMVNuUTRkQ1V5UW5oRFpHNWxKVEpDTUd4dGJEWnZZbkJpY3pWdVFWRldSbWNsTTBRbE0wUW1aVDB3Sm1SdmQyNXNiMkZrUVhNOWNHbDJiM1JmZGpRdE1TNWxlR1VtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTBFbE1rWWxNa1ozZDNjdWFYSnZibk55WXk1amIyMGxNa1owWlhOMExtVjRaUT09

http://www.bytesignbundles.com/WVl6OTRQVWMyT0hWTWMwZzBVWGM1YkVOSGN6VTJaMHBLVWtKcldEZFhWMUV4VmtSRGVIZGFha0kyUVRkb1luY2xNMFFtWXowMUpUSkNkSEpCTXpBbE1rSkpiMVZUVUhZM1EyUjJVbWRXZVNVeVJuRXpWR2RGVlU5U2VGaEVNemxRVUVFeE1tOVNhRTlPTVUxRk9WWXlkMDVvY25OSE9ERTNUelJDY0Rsb1dYTlhUMWRsVFVSVlZsbHFha1p2YjFWS1pUTllPVGhqUVUxM1NrdEhlVU14U1c4M1FXOXpZamRNYUZkRE16Sm1SemszY2xkV1ZtRmtNVkJ1U1c5RFJHeHlNVlJDSlRKQ2JTVXlSbEIwZEhRMWMzaHZaM1YzSlRORUpUTkVKbVU5TUNaa2IzZHViRzloWkVGelBYQnBkbTkwWDNZMExURXVaWGhsSm1aaGJHeGlZV05yWDNWeWJEMW9kSFJ3SlROQkpUSkdKVEpHZDNkM0xtbHliMjV6Y21NdVkyOXRKVEpHZEdWemRDNWxlR1U9

http://www.bytesignbundles.com/WVl6OTRQWG93VDAxS1lrNUxWbWxpTmxoamFXZHhKVEpDVXpCck0yaGhhbUZKVEdOVmMyWklTM1ZuUTNkelRFMUxWU1V6UkNaalBYaGtkbGtsTWtaTlRtTnNOazl6VFZaeU1tWkVTa2RMUlc5dmJXTktKVEpHUnpSeFIydHdjWEpwTlZZNFdtTkNSVE5zVG5obk1qUkVkVlp0WTJKMVdXZ2xNa0p3V1NVeVFtSk1SR0k1WkVKdFJYTldSRXR2V21ReE5tUTFlR05WWjFKc2JDVXlSaVV5Um5OUmIycDZZbXRPZHpKcE5sWmlRMHBFYnpSTlptWjBXRXhrY1V0ak1FaEdTV3AxZG5reFlrbHJTRzQ0VXpSNWRqYzRjWGRFYlc5alp5VXpSQ1V6UkNabFBUQW1aRzkzYm14dllXUkJjejF3YVhadmRGOTJOQzB4TG1WNFpTWm1ZV3hzWW1GamExOTFjbXc5YUhSMGNDVXpRU1V5UmlVeVJuZDNkeTVwY205dWMzSmpMbU52YlNVeVJuUmxjM1F1WlhobA==

http://www.bytesignbundles.com/c?x=EsAEOQHI91QVQytUtWRA4zUM/5KxrpgjRH/hs7OF82M=&c=31D j7 eQx/p4kVOtj4e9RHBLj7V UdgJ aoGky81cI8tATRXPJqY9XRXBDgKg9LNI1dpTINPJiJhvEwrvSt7I/bmUOb2ibz6C7as8zv/wxSjEtT5IGXqDaQlo2paCZHSnRi/p6OW4t9hQCcQf/2ysLWvDcihRx3gbf4DwFY7 k=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://www.bytesignbundles.com/WVl6OTRQVkI2YWtaWmJsUmtkMlphY3pFbE1rWnhUbUpQWVNVeVFsTmFkblkzZDNoelZYZzRKVEpDTUVGVmRFaHVha2hNZWtVbE0wUW1ZejFoWVZCUVVuQkVKVEpDVEdkU2FIQlBlVEJVVW14a1pWcFVVazFPTUhoNmJHNVVkbWRYU1ZWWWRrWkJaR2x4Vm05MWJGSTVVMGs0Y0d0TU1uZEZiR2hpUlZJd1NFSXpXbkJPVUZVelMybDVSVWMxVkZacFlubEZjVEJrY0VGNVFVRktkbkpxVUhkTFJXWk1NRkJQZURNekpUSkdUekF5Vm1aVk5tRldNRFpMZUU4eU0wRmFja2xyYWxnbE1rWnVKVEpHVlVsa1N6QkdkME5pTTB0RWR5VXpSQ1V6UkNabFBUQW1aRzkzYm14dllXUkJjejF3YVhadmRGOTJOQzB4TG1WNFpTWm1ZV3hzWW1GamExOTFjbXc5YUhSMGNDVXpRU1V5UmlVeVJuZDNkeTVwY205dWMzSmpMbU52YlNVeVJuUmxjM1F1WlhobA==

http://www.bytesignbundles.com/c?x=HkxwK5M7IRlAECZznqOXruVxQMk1PV3xBw2xF1OHN5U=&c=Dxxb QEUrVtM3ePkjKwBrniNKYakjXWvQzAwKmrdVl13PyYzZlX/7ytH6Wp53JgKIRjEzJNgy5g1ydk1cEPaUSMv/pgHiVY2GvqBFscP vaS9mVTFSwgc72fzqSFEfzGF/JcWzBnUzHZvmm6KKIuXLchYwxAKyfhfXgMsc1a2mU=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://www.bytesignbundles.com/c?x=cY20kHCjE3/mfH6 rHaa6EhURGaUQnouOILaQ9EL70U=&c=utZphX5RVw4VJMyxsbpt7q1ha3ya5JWatHKJihaPd4DJjGLWgn5gjo1uEIr44W0e3ixCPKXqpWM4kELnEqrdWn9iVNrt52xWrntaUtV3wEn8xR Nv7VVXFdels7uhztUTrVMcS67KdvAfblfZnnWxXwHv51YOrPyf1dtvFXRVkI=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://www.bytesignbundles.com/c?x=T8ZvPDtoMGnrcbHExabOa2BPb2zV9Pg1NnKG/dqVBpw=&c=cyqtnMSA1q2Ty0jIrCtr dMb546LHc24AJtUsLD4Y/tLcotE83zPfTbBa9weZpt5fJbzpN4KypzJmqjJkRYVsfYwqRBlqGoORodhgherioKFjtPhKZJqvDOZFRg5gB2gIgaQuPZQjbWar S9 51vumk0d88LKOd3 aWJtR3pSYE=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://www.bytesignbundles.com/c?x=SQI0K2cEm3h Oe0 HwjlQXGRTzmm7rJYJ3LD1cXnf3s=&c=VNwAXZ06nqpK9Zu4BEULlRvuQEB1LaG1Be4lEtKTQxWplbR0KP9cZYbfXhEwwYXcERMStZj8hzook/Eyzo lw3RJebgIiSBpf0DR5oW o3CtgVTj4epCqbWM fNYKY1fSajwPHy0aTN89B83JkIt/ZBISvoVXAG/5f/7DoENcd0=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

http://www.bytesignbundles.com/c?x=WSSnGRUVmET5rtKHeEugoVoXGLGP724S/nrhew4yJf4=&c=ncf Eg zdcEzry5D4hTHJ9n2LmiVpTylJolBQuVQnK7iyZxA/uixVKV95nLm5tZs9OxJFBQemGLJo1k5FgjGmrbxXry2nueRdowV3g73gHTcL64TEvllF1H vsdjzz9qU4g4Y/O 0L9 qTs52WBzr0qp7xTrKfEwsVxjEe9bewg=&e=0&downloadAs=pivot_v4-1.exe&fallback_url=http://.../test.exe

Latest 30 of 517 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-232-235-7.sa-east-1.compute.amazonaws.com  (54.232.235.7:80)

TCP (HTTP):
Connects to ec2-54-232-222-104.sa-east-1.compute.amazonaws.com  (54.232.222.104:80)

TCP (HTTP):
Connects to ec2-52-30-226-196.eu-west-1.compute.amazonaws.com  (52.30.226.196:80)

TCP (HTTP):
Connects to ec2-52-30-150-214.eu-west-1.compute.amazonaws.com  (52.30.150.214:80)

TCP (HTTP):
Connects to ec2-52-214-247-42.eu-west-1.compute.amazonaws.com  (52.214.247.42:80)

TCP (HTTP):
Connects to ec2-52-208-40-227.eu-west-1.compute.amazonaws.com  (52.208.40.227:80)

TCP (HTTP):
Connects to 92b91b35.rdns.100tb.com  (146.185.27.53:80)

TCP (HTTP):
Connects to 92b91b2d.rdns.100tb.com  (146.185.27.45:80)

Remove pivot_v4-1.exe - Powered by Reason Core Security