96500878.exe

BUDDYBACKUP LTD

Publisher:
Milka  (signed by BUDDYBACKUP LTD)

Product:
Milka

Version:
0.08.0002

MD5:
82892436a3cb667350b08562d5706874

SHA-1:
d916719d4918f3b9c77da57070de6a54c0cff15a

SHA-256:
79d7db73bddfcb556a2dabd2dec5fcad62e333fab6fdec03de47f0e48c4bc443

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/10/2024 3:50:45 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Dropper.VB.37761 | 8.3.2.2 |
| Panda Antivirus | Generic Suspicious | 15.10.10.03 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Malware.RDM.26!5.20[F1] | 23.00.65.151008 |

File size:
185.7 KB (190,152 bytes)

Product version:
0.08.0002

Original file name:
Milka.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\ozics\96500878.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/5/2011 2:00:00 AM

Valid to:
7/5/2012 1:59:59 AM

Subject:
CN=BUDDYBACKUP LTD, O=BUDDYBACKUP LTD, STREET="Arxcis House. 9, Park Hill", L=London, S=London, PostalCode=SW4 9NS, C=GB

Issuer:
CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C29D98339C6C226396EEF8422C30970A

File PE Metadata
Compilation timestamp:
10/26/2015 4:28:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:x+3U4pG0j8ZLYBcPAQQQQQQIE578r9Gh1TgAML4mD0YmF9ghNpBosl:cJGY+YQQQQQQvgA24nrgv

Entry address:
0x12B4

Entry point:
68, F8, F3, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, D0, 1F, 1C, 76, 29, 67, C2, 40, A5, 6D, EC, A3, D8, 5C, 38, E4, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, B0, DE, 2A, 00, 42, 6C, 65, 63, 68, 70, 72, 6F, 64, 75, 6B, 74, 30, 00, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 01, 37, EA, 85, D3, 39, 80, D4, 4B, B6, 8C, B0, B4, 66, 3A, FB, 1C, 76, 00, B2, 14, DF, 36, 6D, 47, A2, CB, 54, 06, FF, C3, DC, 35, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
156 KB (159,744 bytes)

Scan 96500878.exe - Powered by Reason Core Security