usbfix.exe

The executable usbfix.exe has been detected as malware by 1 anti-virus scanner. This file is typically installed with the program UsbFix by El Desaparecido. While running, it connects to the Internet address ns1.sosvirus.net on port 80 using the HTTP protocol.

MD5:
68cd0d4e20d81909045ad72d6e2cd784

SHA-1:
6c5b4a239984f87062028b669a02c52f5a0fec85

SHA-256:
74a5f2519fce68e176e182208f1bfd825d506b106047ff3dc0866684f184014c

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/24/2024 3:57:14 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.2.3.6

File size:
1.7 MB (1,806,848 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

File PE Metadata
Compilation timestamp:
2/2/2016 6:45:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:rCdxte/80jYLT3U1jfsWaSa5yHN0ScxKYUqxApyJbfR/u0GgIP3vslQ:iw80cTsjkWaSa0MxKYU4jJbFu0Kfp

Entry address:
0x27F4A

Entry point:
E8, B8, D0, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, FC, 31, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 24, E3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, FC, 31, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00...
 

Entropy:
7.1758

Code size:
567.5 KB (581,120 bytes)

The file usbfix.exe has been discovered within the following program.

UsbFix by El Desaparecido
About 8% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ns1.sosvirus.net (151.80.21.61:80)

TCP (HTTP):
Connects to redirect.ovh.net (213.186.33.5:80)

TCP (HTTP SSL):
Connects to ns3059860.ip-137-74-207.eu (137.74.207.132:443)
