» 0a0c6ea7391a93524b1596b953705252_758217.npb
Overview
Analysis
File Details

0a0c6ea7391a93524b1596b953705252_758217.npb

The file 0a0c6ea7391a93524b1596b953705252_758217.npb has been detected as malware by 27 anti-virus scanners.

File name:

MD5:

0a0c6ea7391a93524b1596b953705252

SHA-1:

fed39d4f1958145527376adce44f929f9ac3efa1

SHA-256:

8e46c6e2a44a4fc9782d06100b8a1053eeb4696b171f972ce3397f55071ad59f

Scanner detections:

27 / 68

Status:

Malware

Analysis date:

4/18/2024 10:33:26 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Zusy.5304

6434017

Agnitum Outpost

TrojanSpy.Babonock

7.1.1

AhnLab V3 Security

HEUR/Fakon.mwf

2015.01.25

avast!

Sality

150102-1

AVG

Luhe.Fiha.A

2016.0.3219

Bitdefender

Gen:Variant.Zusy.5304

1.0.20.125

Bkav FE

W32.HfsAutoA

1.3.0.6379

Clam AntiVirus

Trojan.Babonock

0.98/19974

Dr.Web

Trojan.Siggen4.28479

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Zusy.5304

9.0.0.4799

F-Prot

W32/Trojan2.OBHC

4.6.5.141

F-Secure

Gen:Variant.Zusy.5304

5.13.68

G Data

Gen:Variant.Zusy.5304

15.1.24

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.8.6.0

K7 AntiVirus

Trojan

13.192.14746

Kaspersky

Trojan.Win32.Autoit

15.0.0.543

MicroWorld eScan

Gen:Variant.Zusy.5304

16.0.0.75

NANO AntiVirus

Trojan.Win32.Siggen4.brmdeh

0.30.0.64812

Norman

Gen:Variant.Zusy.5304

02.01.2015 13:58:24

Quick Heal

Trojan.Babnock.AZ5

1.15.14.00

Sophos

Virus 'Mal/Babonock-A'

5.09

SUPERAntiSpyware

Trojan.Agent/Gen-Siggen

10095

Total Defense

Win32/FakeFLDR_i

37.0.11402

Trend Micro House Call

Mal_OtorunP

7.2.25

Trend Micro

Mal_OtorunP

10.465.25

Vba32 AntiVirus

TrojanSpy.AutoIt

3.12.26.3

VIPRE Antivirus

Threat.4657539

36666

File size:

740.4 KB (758,217 bytes)

Common path:

C:\ProgramData\application data\net protector\npbkpn\0a0c6ea7391a93524b1596b953705252_758217.npb

File PE Metadata

Compilation timestamp:

1/18/2011 8:14:33 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:YTyjXW+48qWywrU4kGFezOAVuJ5PIGww7F5DO3HYffF:2IXW/8yw1ez54lIYF5SXYHF

Entry address:

0x7ADD4

Entry point:

E8, E8, 9C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 0C, 53, 57, 8B, 7D, 08, 33, DB, 3B, FB, 75, 18, E8, E9, 1F, 00, 00, C7, 00, 16, 00, 00, 00, E8, 8C, 1F, 00, 00, 83, C8, FF, E9, 65, 01, 00, 00, 56, 57, E8, 00, 84, 00, 00, 8B, F0, 59, 89, 75, F8, 39, 5F, 04, 7D, 03, 89, 5F, 04, 6A, 01, 53, 56, E8, AA, 9D, 00, 00, 83, C4, 0C, 89, 45, FC, 3B, C3, 0F, 8C, FB, 00, 00, 00, 8B, 57, 0C, F7, C2, 08, 01, 00, 00, 75, 08, 2B, 47, 04, E9, 25, 01, 00, 00, 8B, 07, 8B, 4F, 08, 8B, D8, 2B, D9, 89, 5D, F4... 
[+]

Entropy:

6.2640

Code size:

556.5 KB (569,856 bytes)

Remove 0a0c6ea7391a93524b1596b953705252_758217.npb - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.