397cf2757fcfe98ddba2d339afab2205_39424.npb

The file 397cf2757fcfe98ddba2d339afab2205_39424.npb has been detected as malware by 35 anti-virus scanners. While running, it connects to the Internet address www.arcor-online.net on port 25.
MD5:
397cf2757fcfe98ddba2d339afab2205

SHA-1:
2c235a08d1a664bf0d7375e77afb355a8697f0c3

SHA-256:
e0e32c9ee831b4daae10ebe5ba12669be902e519f8bb3f4ac77d9011a95cca07

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
4/26/2024 4:05:58 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1014020 | 411 |
| Agnitum Outpost | Backdoor.Pushdo | 7.1.1 |
| AhnLab V3 Security | Backdoor/Win32.Pushdo | 15.12.21 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.151.204 |
| avast! | Win32:Kryptik-LWG [Trj] | 2014.9-151221 |
| AVG | Dropper.Generic8 | 2016.0.2889 |
| Baidu Antivirus | Backdoor.Win32.Pushdo | 4.0.3.151221 |
| Bitdefender | Trojan.GenericKD.1014020 | 1.0.20.1775 |
| Bkav FE | W32.GenericPushdoF.Trojan | 1.3.0.4959 |
| Comodo Security | TrojWare.Win32.Kryptik.BAVK | 18347 |
| Dr.Web | BackDoor.Bulknet.893 | 9.0.1.0355 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1014020 | 8.15.12.21.06 |
| ESET NOD32 | Win32/Wigon.PH | 9.9857 |
| Fortinet FortiGate | W32/Pushdo.YOY!tr | 12/21/2015 |
| F-Secure | Trojan.GenericKD.1014020 | 11.2015-21-12_2 |
| G Data | Trojan.GenericKD.1014020 | 15.12.24 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Cutwail | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.178.12212 |
| Kaspersky | Backdoor.Win32.Pushdo | 14.0.0.939 |
| Malwarebytes | Trojan.Inject | v2015.12.21.06 |
| McAfee | Cutwail-FCES!397CF2757FCF | 5600.6545 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Cutwail.BS | 1.10600 |
| MicroWorld eScan | Trojan.GenericKD.1014020 | 16.0.0.1065 |
| NANO AntiVirus | Trojan.Win32.Pushdo.bsbesl | 0.28.0.59921 |
| Norman | Pushdo.AE | 11.20151221 |
| nProtect | Backdoor/W32.Pushdo.39424.E | 14.05.27.01 |
| Panda Antivirus | Trj/CI.A | 15.12.21.06 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Quick Heal | Backdoor.Pushdo.qfs | 12.15.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_CUTWAIL.MW | 7.2.355 |
| Trend Micro | TROJ_CUTWAIL.MW | 10.465.21 |
| Vba32 AntiVirus | Backdoor.Pushdo | 3.12.26.0 |
| VIPRE Antivirus | Trojan-Downloader.Win32.Cutwail.bx | 29676 |
| ViRobot | Backdoor.Win32.S.Pushdo.39424.A | 2011.4.7.4223 |

File size:
38.5 KB (39,424 bytes)

Common path:
C:\ProgramData\net protector\npbkp\397cf2757fcfe98ddba2d339afab2205_39424.npb

File PE Metadata
Compilation timestamp:
1/31/2005 1:13:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
768:Nmb91Qs0U+/XPEYS/64gC72eIYiVU97AMmgAsoffIBs:IJ1QS8A64H7nIYiVUJ3BPoX4s

Entry address:
0x15F7

Entry point:
85, C0, 33, C0, 50, 68, 7B, 14, 10, 08, 50, 68, F0, 57, 00, 00, 50, 68, 2F, 12, 10, 08, E8, 1A, 00, 00, 00, 68, 3A, 12, 10, 08, 50, E8, 5D, FC, FF, FF, FF, D0, CC, FF, 25, 10, 20, 10, 08, FF, 25, 0C, 20, 10, 08, FF, 25, 04, 20, 10, 08, FF, 25, 00, 20, 10, 08, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.5189

Code size:
2 KB (2,048 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (SMTP):
Connects to www.arcor-online.net  (151.189.21.100:25)
