» playcheat pbbr.exe
Overview
Analysis
File Details
Downloads (2)

playcheat pbbr.exe

The executable playcheat pbbr.exe has been detected as malware by 3 anti-virus scanners. This is a setup program which is used to install the application. This backdoor trojan may be used to conduct distributed denial of service attacks, or used to install additional trojans or other forms of malicious software as well as can steal your sensitive information. The file has been seen being downloaded from fs05n5.sendspace.com and multiple other hosts.

File name:

playcheat pbbr.exe

MD5:

6dbb8834ae807d6ede6df07396aad4c7

SHA-1:

02f99d2828da766288e21d2a5116251c1c197dad

SHA-256:

caef5ea267469e609fe591bbbd6ea0b8fed3ee028a0d40109c095ddcc90bf10f

Scanner detections:

3 / 68

Status:

Malware

Analysis date:

11/16/2024 1:53:26 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

MSIL/Bladabindi.AS trojan

8.0.319.0

F-Prot

W32/MSIL_Bladabindi.A2.gen

4.6.5.141

Microsoft Security Essentials

Backdoor:MSIL/Bladabindi.AJ

1.225.3019.0

File size:

28.5 KB (29,184 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\playcheat pbbr.exe

File PE Metadata

Compilation timestamp:

7/31/2016 4:05:19 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

768:ooOIwVKa325jTcDyDeeJ8DUQyek0Lp3iV8bxuVpfEOnnnnnnnJh:3OIwzzDsGUuiabEVpf3nnnnnnn

Entry address:

0x892E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

26.5 KB (27,136 bytes)

The file playcheat pbbr.exe has been seen being distributed by the following 2 URLs.

https://fs05n5.sendspace.com/dl/39540ce91b97f305c84fe921e8aa35f7/57a28e5e15ca5ecb/.../PlayCheat PBBR.exe

https://fs05n3.sendspace.com/dl/c59aceb293dd6575cb13b47bf04b7a3f/579f6e0a63b12d39/.../PlayCheat PBBR.exe

Remove playcheat pbbr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.