2cbfdd8c_stp.exe

The executable 2cbfdd8c_stp.exe has been detected as malware by 8 anti-virus scanners. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.
MD5:
0d83cfd40bb72eb3262322a64600becf

SHA-1:
78cf9689673314648d9e3538d9b7423052c7db89

SHA-256:
ad8d4c6e6762bc73ae705ebd4501ac06ed5eaf325922dd6cd1da2d16b474b9f7

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 10:44:51 PM UTC

Scan engine                     Detection                Engine version
avast!                          Win32:SaliCode           160209-2
AVG                             Win32/Sality             2015.0.4522
Dr.Web                          Win32.Sector.30          9.0.1.05190
ESET NOD32                      Win32/Sality.NBA virus   7.0.302.0
Kaspersky                       Virus.Win32.Sality       15.0.0.562
McAfee                          Virus.W32/Sality.gen.z   18.0.204.0
Microsoft Security Essentials   Threat.Undefined         1.213.6208.0
Norman                          Win32.Sality.3           08.02.2016 04:24:12

File size:
132 KB (135,168 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\2cbfdd8c_stp.exe

File PE Metadata
Compilation timestamp:
10/7/2014 6:40:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:l8Dsp+kNX1dFOvDlXJuN45ZQXcyg44PFHopJMvhI+hn+x/zEyKIj9wMl98Y+:l8MNXSENoXySopJieI+xLEyKq6MlB+

Entry address:
0x30E2

Entry point:
46, 8B, FF, F3, 8A, DB, 72, 07, BF, 8C, 30, 86, BF, 0A, EB, F3, 05, 0B, B9, 25, 2B, 85, F0, F7, C0, A8, B3, DC, B8, 89, CB, F2, 80, EF, 16, 0F, AF, F6, C6, C3, AA, 69, F9, A2, 91, E7, 12, 8D, 0D, 32, 14, 00, 00, F7, C5, 28, 76, 3C, 38, 88, DA, 8B, EF, 81, E9, 6B, 0F, 00, 00, EB, 03, 88, DF, F3, 01, D6, C6, C3, 98, 69, DF, 55, C7, 21, 7F, 75, 0E, 69, F6, 0B, F9, E9, 34, 84, EF, C7, C6, 6F, 01, F2, 8B, F7, C6, C0, 4F, 64, 15, 87, DD, 89, CB, B8, F8, CE, 0D, 00, 87, D7, 13, DF, 69, D2, 2B, D2, D7, D5, 35, 21...

Entropy:
7.6524

Code size:
23.5 KB (24,064 bytes)

Remove 2cbfdd8c_stp.exe - Powered by Reason Core Security