2.exe

The executable 2.exe has been detected as malware by 39 anti-virus scanners. This backdoor trojan may be used to conduct distributed denial-of-service attacks or to install additional trojans or other forms of malicious software, and it can also steal your sensitive information.
MD5:
4977c5289f617d9fdcdeec6e8feecb5a

SHA-1:
11b777afa04c7f77eaf0503f3825ccbee8e92f6e

SHA-256:
bc64775044b4c2a32f0a552719514a09707a3693c221ad0f38b01da2bc146ec8

Scanner detections:
39 / 68

Status:
Malware

Analysis date:
4/23/2024 11:10:54 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Barys.5565 | 523 |
| Agnitum Outpost | Trojan.Disfa | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Bladabindi.Gen | 2015.08.13 |
| Avira AntiVirus | TR/Agent.44544218 | 8.3.1.6 |
| Arcabit | Trojan.Barys.D15BD | 1.0.0.425 |
| avast! | Win32:Agent-AWWE [Trj] | 2014.9-150830 |
| AVG | MSIL | 2016.0.3001 |
| Baidu Antivirus | Trojan.MSIL.Bladabindi | 4.0.3.15830 |
| Bitdefender | Gen:Variant.Barys.5565 | 1.0.20.1210 |
| Bkav FE | W32.KeylogVerfyLTAN.Trojan | 1.3.0.7062 |
| Clam AntiVirus | Win.Worm.Njrat | 0.98/21511 |
| Comodo Security | TrojWare.MSIL.Disfa.A | 22991 |
| Dr.Web | BackDoor.Bladabindi.1393 | 9.0.1.0242 |
| Emsisoft Anti-Malware | Gen:Variant.Barys.5565 | 8.15.08.30.09 |
| ESET NOD32 | MSIL/Bladabindi (variant) | 9.12084 |
| Fortinet FortiGate | MSIL/Agent.PPP!tr | 8/30/2015 |
| F-Prot | W32/MSIL_Troj.AP.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Barys.5565 | 11.2015-30-08_1 |
| G Data | Gen:Variant.Barys.5565 | 15.8.25 |
| IKARUS anti.virus | Trojan.MSIL.Bladabindi | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.208.16868 |
| Kaspersky | Trojan.MSIL.Disfa | 14.0.0.1501 |
| Malwarebytes | Backdoor.Bot.MSIL | v2015.08.30.09 |
| McAfee | BackDoor-FBMR!4977C5289F61 | 5600.6657 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AA | 1.1.11903.0 |
| MicroWorld eScan | Gen:Variant.Barys.5565 | 16.0.0.726 |
| NANO AntiVirus | Trojan.Win32.Autoruner.cymfmd | 0.30.24.3079 |
| nProtect | Trojan/W32.Agent.44544.AAI | 15.08.12.01 |
| Panda Antivirus | Trj/CI.A | 15.08.30.09 |
| Qihoo 360 Security | Win32/Trojan.4be | 1.0.0.1015 |
| Quick Heal | Backdoor.Bladabindi.A3 | 8.15.14.00 |
| Rising Antivirus | PE:Backdoor.Bot!1.6675 | 23.00.65.15828 |
| Sophos | Mal/MSIL-FE | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-MSIL | 9659 |
| Trend Micro House Call | BKDR_BLADABI.SMC | 7.2.242 |
| Trend Micro | BKDR_BLADABI.SMC | 10.465.30 |
| Vba32 AntiVirus | Trojan.MSIL.Disfa | 3.12.26.4 |
| VIPRE Antivirus | Trojan.MSIL.Bladabindi.f | 42822 |
| Zillya! Antivirus | Trojan.Bladabindi.Win32.122 | 2.0.0.2350 |

File size:
43.5 KB (44,544 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\2.exe

File PE Metadata
Compilation timestamp:
3/23/2015 11:53:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:kyuUbx8y1kvcSSaovare9GTW2K9581o6HpjHPKqvtK1zRML1oP5esDDNtUM9NpoQ:PxG/pdltWKoP5esDDNtP97rHCCrk

Entry address:
0xC51E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41.5 KB (42,496 bytes)
