scanner and bruft.exe

updater

The executable scanner and bruft.exe has been detected as malware by 15 anti-virus scanners. While running, it connects to the Internet address 12.aa.5177.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Product:
updater

Version:
4.02.0003

MD5:
bad55e8c74016f85983212031ef930f2

SHA-1:
91a3304d3d3d436cfb7be3e6c8936f4fde2aa926

SHA-256:
e0cc67d81a67da00b5c55ee52c8c37f4d9d4e2e0d874974135eb2a5abb414ed2

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
11/27/2024 3:41:49 AM UTC

Scan engine               Detection               Engine version
Lavasoft Ad-Aware         Trojan.Agent.AZXA       689
Avira AntiVirus           TR/Agent.azxa.1         7.11.187.36
Bitdefender               Trojan.Agent.AZXA       1.0.20.380
Comodo Security           UnclassifiedMalware     20127
Emsisoft Anti-Malware     Trojan.Agent.AZXA       8.15.03.17.06
F-Secure                  Trojan.Agent.AZXA       11.2015-17-03_3
G Data                    Trojan.Agent.AZXA       15.3.24
IKARUS anti.virus         Trojan-Dropper.Agent    t3scan.1.8.3.0
McAfee                    Artemis!BAD55E8C7401    5600.6823
MicroWorld eScan          Trojan.Agent.AZXA       16.0.0.228
Norman                    Agent.BBBLQ             11.20150317
nProtect                  Trojan.Agent.AZXA       14.11.18.01
Qihoo 360 Security        Win32/Trojan.2f9        1.0.0.1015
Trend Micro House Call    TROJ_GEN.R00GC0OJ714    7.2.76
Trend Micro               TROJ_GEN.R00GC0OJ714    10.465.17

File size:
36 KB (36,864 bytes)

Product version:
4.02.0003

Original file name:
SOCKS_CHecker.exe

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
2/16/2013 3:29:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:WrMndm6T4VUG3Ba8tMVnoqKZjEEnslg8W4UH:gWOU4BSVnoq+EEnsa6U

Entry address:
0x1438

Entry point:
68, F8, 1E, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 51, 52, 2A, C3, C9, AF, CD, 42, 83, 1D, D3, 9F, 7E, 79, 21, FF, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 53, 4F, 43, 4B, 53, 5F, 43, 68, 65, 63, 6B, 65, 72, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 23, 08, 64, C3, 98, C7, 6F, D8, 4E, 9E, CC, 42, E4, 97, 98, E1, D8, 3E, C3, 43, 0D, DD, CB, 9E, 47, B7, 9D, B8, 85, 0D, 5E, 4A, 8D, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
24 KB (24,576 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 12.aa.5177.ip4.static.sl-reverse.com (119.81.170.18:80)

Remove scanner and bruft.exe - Powered by Reason Core Security