winbox.exe

It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from www.gilix.com.br and multiple other hosts.

MD5:
a63bb3a7ba06ee55c06a8315c2cfa066

SHA-1:
b3348046fdb87895d61ca016ac6f3f9753b6d1f8

SHA-256:
e6b9611b833b66bf48f83f4169ff4be9ed51b5c9e0b654f838354ebc16288571

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 8:55:13 PM UTC

File size:
111.5 KB (114,176 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
11/8/2012 10:31:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
3072:AkMwuGcvhkLdN3FZJ16ckEdzUd4LlOXu:BuGR7tjkEo40

Entry address:
0x1220

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 01, 00, 00, 00, FF, 15, 64, B4, 41, 00, E8, C8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 64, B4, 41, 00, E8, A8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 88, B4, 41, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 74, B4, 41, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 83, EC, 08, E8, 45, 0C, 01, 00, C7, 04, 24, D0, 92, 41, 00, B8, 10, A0, 41, 00, 89, 44, 24, 04, E8, 60, FC, 00, 00...
 

Entropy:
5.8728

Packer / compiler:
Dev-C++ 4.9.9.2

Code size:
73 KB (74,752 bytes)

Scheduled Task
Task name:
{7D3210A7-4173-4DFB-9FB0-715B9BEE7B83}

Trigger:
Registration (Runs on registration)


The file winbox.exe has been seen being distributed by the following 27 URLs.

