vkbot.exe

VkBot

VkBot Team

The executable vkbot.exe has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from vkbot.ru.
Publisher:
VkBot Team

Product:
VkBot

Description:
bot for vk.com

Version:
3.2.8.0

MD5:
6c6db56c6319b1c2927622c05b97baa2

SHA-1:
8d4dfb8ce6c55c78cdb7cffe41c6972c2e1213d7

SHA-256:
b21b0f59d0987b55fae618d55e3edb3ecca5da082ade9b545d8224ddda3a99a6

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
11/27/2024 1:41:19 AM UTC

Scan engine              Detection                  Engine version
Lavasoft Ad-Aware        Trojan.Generic.11595682    916
Bitdefender              Trojan.Generic.11595682    1.0.20.1075
Bkav FE                  W32.HfsAutoA               1.3.0.4959
Emsisoft Anti-Malware    Trojan.Generic.11595682    8.14.08.03.02
F-Secure                 Trojan.Generic.11595682    11.2014-03-08_1
G Data                   Trojan.Generic.11595682    14.8.24
MicroWorld eScan         Trojan.Generic.11595682    15.0.0.645
nProtect                 Trojan.Generic.11595682    14.08.01.01

File size:
634.8 KB (650,030 bytes)

Product version:
3.2.8.0

Copyright:
© 2009 - 2014

Original file name:
VkBot

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
4/3/2014 10:47:00 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:XSPNL6pW1SJwpRhswsL2aNQvJYUq2GMa+KFpiTg0mamHUXDUE7yME6JYmguF:XSVLyWoypT2bQvJLq+KFc00p4+37f7Fj

Entry address:
0x86080

Entry point:
B8, 14, AC, 64, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 95, 19, 50, 0A, 71, E1, AC, 6F, 11, 7F, B3, 94, D9, 2B, B9, A8, 13, 20, 12, BA, AC, 52, 3A, 99, A6, 8F, F8, 28, 83, 81, 14, AC, F4, CE, C3, 32, D8, 28, FD, 8B, 63, 5C, 26, 68, 7F, 25, 42, BF, 91, C6, C5, 63, 72, 45, D2, 6D, 7E, 8D, 7D, 14, A8, 3A, 9B, 6E, 5D, B4, 7A, 16, DF, 02, C4, E7, AB, AF, 94, AA, 2F, F8, 6B, DA, 5B, 8D, 7A, 2E, EF, 72, 3D, 08, 76, 09, 04, FC, 8B...
 

Packer / compiler:
PECompact v2

Code size:
587 KB (601,088 bytes)

The file vkbot.exe has been seen being distributed by the following URL.
