usbfix.exe

Cedric Le Bozec

The executable usbfix.exe has been detected as malware by 1 anti-virus scanner. This file is typically installed with the program UsbFix by El Desaparecido. While running, it connects to the Internet address ns1.sosvirus.net on port 80 using the HTTP protocol.
Publisher:
Cedric Le Bozec  (signed and verified)

MD5:
b41bad7cbdd57c58f2681f118587596b

SHA-1:
ed91f73041a724ed9e9e650760c17b10309c40e1

SHA-256:
c4ba5d01fea99644304cead49fbf022ef51345a2d992323f58d4221bfb5a6b3e

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 4:44:29 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.1.7.23

File size:
1.7 MB (1,815,528 bytes)

File type:
Executable application (Win32 EXE)

Language:
English

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
11/30/2015 1:00:00 AM

Valid to:
12/7/2016 1:00:00 PM

Subject:
CN=Cedric Le Bozec, O=Cedric Le Bozec, L=Etaules, S=Bretagne, C=FR

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
04CE4D88B083C5D726BDFA5A3EF82C69

File PE Metadata
Compilation timestamp:
1/7/2016 1:21:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:KCdxte/80jYLT3U1jfsWa/ansuq7Pz8R6phjgP1tPBUQo:Lw80cTsjkWa/asuq7zxjELo

Entry address:
0x27F4A

Entry point:
E8, B8, D0, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, FC, 31, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 24, E3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, FC, 31, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00...
 
[+]

Code size:
567.5 KB (581,120 bytes)

The file usbfix.exe has been discovered within the following program.

UsbFix  by El Desaparecido
About 8% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ns3009231.ip-151-80-21.eu  (151.80.21.61:443)

TCP (HTTP):
Connects to ns1.sosvirus.net  (151.80.21.61:80)

TCP (HTTP SSL):
Connects to ns3059860.ip-137-74-207.eu  (137.74.207.132:443)

TCP (HTTP):
Connects to ns3014050.ip-94-23-52.eu  (94.23.52.47:80)

Remove usbfix.exe - Powered by Reason Core Security