Abood.exe

The executable Abood.exe has been detected as malware by 26 of the 68 anti-virus scanners used in this report. It persists by registering an autostart entry under the current user's Run registry key with the display name 'Microsft', a misspelling of 'Microsoft' chosen to blend in with legitimate entries. The registered command launches a copy stored under the user's roaming profile (%APPDATA%\msn\update.exe), not the Temp path at which the scanned file was found. Because the entry lives under HKCU, no administrative rights are needed to create it, and it fires only at logon of the user who was infected.
MD5:
db4450f46efcfeb75c30afb7fcb7cf8b

SHA-1:
8aa58af1124019e804128ad2196307b2458c7db1

SHA-256:
49f49086391ea4c6252e793a524b926f1b24004c68efb7d0067949bd195cbc85

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
4/26/2024 8:21:18 PM UTC

Scan engine             Detection                             Engine version
Lavasoft Ad-Aware       Gen:Variant.Graftor.28227             835
Agnitum Outpost         Trojan.Injector                       7.1.1
AhnLab V3 Security      Win-Trojan/Agent.28672.CLD            2014.10.23
Avira AntiVirus         TR/Dropper.Gen                        7.11.180.174
avast!                  Win32:Malware-gen                     2014.9-141022
AVG                     Trojan horse Dropper.Generic5.CCXJ    2014.0.4040
Baidu Antivirus         Trojan.Win32.Injector                 4.0.3.141022
Bitdefender             Gen:Variant.Graftor.28227             1.0.20.1475
Comodo Security         TrojWare.Win32.Buzus.dfke             19873
Dr.Web                  Win32.HLLW.Autoruner.58610            9.0.1.05190
Emsisoft Anti-Malware   Gen:Variant.Graftor.28227             14.10.22
ESET NOD32              Win32/Injector.KMN trojan             7.0.302.0
Fortinet FortiGate      W32/SPNR.03E911!tr                    10/22/2014
F-Prot                  W32/Zbot.GH.gen                       4.6.5.141
F-Secure                Gen:Variant.Graftor.28227             11.2014-22-10_4
G Data                  Gen:Variant.Graftor.28227             14.10.24
IKARUS anti.virus       Trojan.Win32.Buzus                    t3scan.1.7.8.0
K7 AntiVirus            Backdoor                              13.184.13741
Kaspersky               HEUR:Trojan.Win32.Generic             14.0.0.3061
Malwarebytes            Trojan.Surebrec                       v2014.10.22.07
MicroWorld eScan        Gen:Variant.Graftor.28227             15.0.0.885
NANO AntiVirus          Trojan.Dos.Gendal.evgvx               0.28.2.62841
Norman                  Injector.ABB                          11.20141022
Qihoo 360 Security      Malware.QVM02.Gen                     1.0.0.1015
SUPERAntiSpyware        Trojan.Agent/Gen-Injector             10283
VIPRE Antivirus         Trojan.Win32.Injector.eke             34156

File size:
217.4 KB (222,589 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\abood.exe

File PE Metadata
Compilation timestamp:
1/9/2011 5:50:30 PM

OS version (minimum required, from the PE optional header):
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
3072:OC03HLPbgzDXbZZXo9/ZZDGGGVqxGeF/NpJCAyDnPKr:+PkzPZZXkZCm7FVpLy7PKr

Entry address (RVA):
0x1110

Entry point (first bytes at the entry address):
55, 89, E5, 83, EC, 18, C7, 04, 24, 02, 00, 00, 00, FF, 15, 20, 61, 40, 00, E8, F8, FE, FF, FF, 90, 8D, B4, 00, 00, 00, 00, 00, 55, 89, E5, 83, EC, 18, C7, 04, 24, 01, 00, 00, 00, FF, 15, 20, 61, 40, 00, E8, D8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 89, E5, 53, 83, EC, 14, 8B, 45, 08, 8B, 00, 8B, 00, 3D, 91, 00, 00, C0, 77, 3B, 3D, 8D, 00, 00, C0, 72, 4B, BB, 01, 00, 00, 00, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 08, 00, 00, 00, E8, BF, 15, 00, 00, 83, F8, 01, 0F, 84, FF, 00, 00, 00, 85, C0...

These bytes disassemble to push ebp / mov ebp, esp / sub esp, 0x18 / mov dword [esp], 2 / call dword [0x406120] / call rel32, followed by the same stub with the argument 1, and then a routine that range-checks an exception code against 0xC000008D..0xC0000091 (the floating-point STATUS_* codes). That is the layout of the MinGW C runtime start-up code (WinMainCRTStartup and mainCRTStartup calling __set_app_type with 2 for GUI or 1 for console, plus _gnu_exception_handler), so the sample was most likely built with GCC/MinGW; the GUI subsystem above matches the entry being the stub that passes 2.

Code size:
6 KB (6,144 bytes)

Only 6 KB of the 217 KB file is code; the remainder is data, which is consistent with the dropper and injector classifications above (a small loader carrying an embedded payload).

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Microsft

Command:
C:\users\{user}\appdata\roaming\msn\update.exe
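A check for the persistence and file indicators in this report, written as an added example (it is not part of the report and not Reason Core Security's tooling). It parses a `reg export` dump of the current user's Run key, flags value names that misspell 'Microsoft', commands that resolve to either path the report names, and autostart binaries that live under AppData or Temp, and hashes file contents against the report's SHA-256. It goes slightly beyond the page by also reading the RunOnce key. The embedded .reg text, the user name `alice` and the OneDrive entry in it are constructed; a real export is UTF-16LE with a BOM and must be decoded before the text is passed in.

```python
"""Check a host against the Abood.exe indicators from the report above.

Added example. SAMPLE_REG_EXPORT, the user 'alice' and the OneDrive entry
are constructed test data, not artefacts from the report.
"""
import hashlib
import re

# Indicators copied from the report.
IOC_SHA256 = "49f49086391ea4c6252e793a524b926f1b24004c68efb7d0067949bd195cbc85"
IOC_MD5 = "db4450f46efcfeb75c30afb7fcb7cf8b"
IOC_SHA1 = "8aa58af1124019e804128ad2196307b2458c7db1"
IOC_SIZE = 222589
IOC_PATHS = (  # compared case-insensitively as path suffixes
    r"\appdata\local\temp\abood.exe",
    r"\appdata\roaming\msn\update.exe",
)

# Constructed stand-in for the output of
#   reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg
# (a real export is UTF-16LE with a BOM; decode it before passing the text in).
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Microsft"="C:\\Users\\alice\\AppData\\Roaming\\msn\\update.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\Users\\alice\\AppData\\Local\\Temp\\abood.exe"
'''

# A .reg string value line: "name"="data", with backslash escapes inside the quotes.
_REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
_RUN_KEY = re.compile(r"\\currentversion\\run(once)?\]$")


def _unescape(s: str) -> str:
    """Undo .reg string escaping: a backslash escapes the following character."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_run_export(text: str) -> list:
    """Return [{'key', 'name', 'command'}] for string values under Run and RunOnce."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):  # a new key; only track Run / RunOnce
            key = line[1:-1] if _RUN_KEY.search(line.lower()) else None
            continue
        m = _REG_VALUE.match(line) if key else None
        if m:
            entries.append({"key": key, "name": _unescape(m.group(1)),
                            "command": _unescape(m.group(2))})
    return entries


def _exe_path(command: str) -> str:
    """Executable part of a Run command: the quoted path, or else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character vendor-name squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_run_entries(entries: list) -> list:
    """Score each autostart entry; 'high' means it matches this report's indicators."""
    findings = []
    for e in entries:
        name, exe = e["name"].lower(), _exe_path(e["command"]).lower()
        reasons = []
        if name != "microsoft" and _edit_distance(name, "microsoft") <= 2:
            reasons.append(("high", "value name misspells 'Microsoft'"))
        if any(exe.endswith(p) for p in IOC_PATHS):
            reasons.append(("high", "command path matches a report indicator"))
        if "\\appdata\\" in exe or "\\temp\\" in exe:
            # Per-user installers (OneDrive, browsers) also autostart from AppData,
            # so on its own this is informational, not a verdict.
            reasons.append(("info", "autostart binary lives in the user profile"))
        if reasons:
            severity = "high" if any(s == "high" for s, _ in reasons) else "info"
            findings.append(dict(e, severity=severity, reasons=reasons))
    return findings


def hash_file_bytes(data: bytes) -> dict:
    """Digests in the report's three formats plus a verdict on the SHA-256."""
    sha256 = hashlib.sha256(data).hexdigest()
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": sha256, "size": len(data), "match": sha256 == IOC_SHA256}


if __name__ == "__main__":
    for f in assess_run_entries(parse_run_export(SAMPLE_REG_EXPORT)):
        print(f["severity"], f["name"], f["command"], [r for _, r in f["reasons"]])
    # For a suspect file: hash_file_bytes(open(path, "rb").read())["match"]
```

Only the SHA-256 decides the hash match; MD5 and SHA-1 are computed so the result can be compared with older feeds that still key on them. The AppData/Temp test is deliberately informational because legitimate per-user software autostarts from the same place; the combination of a lookalike name and a path under the roaming profile is what makes this entry stand out.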


Remove Abood.exe - Powered by Reason Core Security