home

vkbot.exe

VkBot

VkBot Team

This is a setup program which is used to install the application. The file has been seen being downloaded from vkbot.ru and multiple other hosts.
Publisher:
VkBot Team

Product:
VkBot

Description:
bot for vk.com

Version:
3.4.1.0

MD5:
c96359db26175c1694e5018aeb9398fd

SHA-1:
3b19bb0e4c1e31676434b5aa9ab8325911d65265

SHA-256:
4dd1741508983d8c0e083b341c31307c108ad0beeb2dd376c09159512b7356cc

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/27/2024 1:24:45 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Tool.VkBot.34
9.0.1.0100

File size:
623.3 KB (638,238 bytes)

Product version:
3.4.1.0

Copyright:
© 2009 - 2014

Original file name:
VkBot

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\vkbot.exe

File PE Metadata
Compilation timestamp:
4/3/2014 5:47:00 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:LSPNL6pW1SJwpRhswsL2aNQvJaHi/FD3vqIN53XtufX0g4CahRyHeG:LSVLyWoypT2bQvJaH8FD3vrN2f14Ca3K

Entry address:
0x86080

Entry point:
B8, 04, 3C, 64, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 65, E6, 9C, 1E, D0, 59, D7, C0, A9, B8, 78, 3A, 79, 93, 0B, 88, EB, 41, BC, 40, 27, 32, F3, 16, 51, 0D, 49, D4, BA, A4, EF, 08, 90, DD, 13, 4A, 0C, A0, 70, CB, 30, BC, E6, 49, 4B, 48, 66, 3E, C0, 28, B2, 9D, CA, 3D, 6C, 4B, 6A, 37, 9B, 24, 98, EC, 28, D0, BE, 2B, D7, 9E, 3A, 6A, E4, 4A, 10, BF, 36, 33, BC, 35, DF, 8A, 85, DE, 66, 3A, 53, 08, 5F, 35, 79, 3A, FB, A4, 56...
 
[+]

Packer / compiler:
PECompact v2

Code size:
587 KB (601,088 bytes)

The file vkbot.exe has been seen being distributed by the following 2 URLs.

http://vkbot.ru/dl.php?v=f1bdd1d7280d617547ccb5f749a8c4e9

http://vkbot.ru/dl.php?v=855724bb09021710d1f857d6efec4ee8

Scan vkbot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.