WinntbbuED.exe

WinntbbuED

The Exterminators

This is a self-extracting archive and installer. The file has been seen being downloaded from s10376.chomikuj.pl.

Publisher:
The Exterminators

Product:
WinntbbuED

Description:
Utility to modify Windows XPs Winntbbu.dll, wich is used in the setup process

Version:
0.03.0001

MD5:
1655b1d06811d936d7ca05275f086636

SHA-1:
2bfbed644bd11ce19dc0e628a49e1091aab50b1d

SHA-256:
e58942183103407a8e77701d2de33512e11b906c96e9b016ed46f0c06a000013

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/27/2024 7:47:22 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Packed/PECompact | 7.1.1
Avira AntiVirus | TR/Crypt.PEPM.Gen | 7.11.137.64
avast! | Win32:Malware-gen | 2014.9-140407
ViRobot | JS.A.Iframe.255488 | 2011.4.7.4223

File size:
249.5 KB (255,488 bytes)

Product version:
0.03.0001

Copyright:
The Mad Guy

Original file name:
WinntbbuED.exe

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

File PE Metadata

Compilation timestamp:
7/29/2005 5:03:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Z3t2CQQH3D5OP2xAtcjMShSWjj9PyeK3eOm6DGD35Vv:Z3E16NONGgSYWFydYD7v

Entry address:
0x3F08

Entry point:
B8, 5C, 0E, 4D, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 53, 73, D3, E8, 83, 7E, AE, 81, 7B, 9C, 26, 31, 28, 3A, 72, E0, C9, 47, B0, 90, FA, FD, CD, FC, 9F, 09, 87, 02, 60, FA, 0C, CB, BD, 5B, FA, 5F, 23, D0, DB, B7, B9, 8A, F6, B8, BA, D3, 20, B6, FE, 00, 95, 98, F9, E1, 41, 54, 44, A5, E6, 6A, 50, 31, 30, D7, 26, 9B, 65, 63, 90, 2C, C5, 4E, ED, E2, 57, 49, E5, 3A, B2, 84, C2, D9, 6C, C7, 5C, 10, 2A, 56, E7, F3, 32, 39, 90...
 

Entropy:
7.9890

Packer / compiler:
PECompact v2

Code size:
432 KB (442,368 bytes)

The file WinntbbuED.exe has been seen being distributed by the following URL.
