administrador's setting.scr

The file administrador's setting.scr has been detected as malware by 39 anti-virus scanners. While running, it connects to the host unknown.prolexic.com on port 80 over HTTP.
MD5:
2ca72990fe8f0c214603d138b51d217d

SHA-1:
8768593ee8c5fcdcd40292b2bbbc64e8010be230

SHA-256:
481b0d9759bfd209251eccb1848048ebbe7bd2c87c5914a894a5bffc0d1d67ff

Scanner detections:
39 / 68

Status:
Malware

Analysis date:
5/21/2024 9:55:00 PM UTC

Scan engine                    Detection                               Engine version
Lavasoft Ad-Aware              Win32.Generic.493878                    428
Agnitum Outpost                I-Worm.Brontok                          7.1.1
AhnLab V3 Security             Win32/Brontok.worm.45456                2015.11.24
avast!                         Win32:Brontok-CE [Wrm]                  2014.9-151204
AVG                            I-Worm/Brontok.X                        2016.0.2906
Baidu Antivirus                Trojan.Win32.FakeFolder                 4.0.3.15124
Bitdefender                    Win32.Generic.493878                    1.0.20.1690
Bkav FE                        W32.BrontokQ                            1.3.0.7383
Clam AntiVirus                 Worm.Brontok.AE                         0.98/21511
Comodo Security                Worm.Win32.Brontok.AT                   23646
Dr.Web                         BackDoor.Generic.3162                   9.0.1.0338
Emsisoft Anti-Malware          Win32.Generic.493878                    8.15.12.04.06
ESET NOD32                     Win32/Brontok.AT                        9.12613
Fortinet FortiGate             W32/Brontok.K@mm                        12/4/2015
F-Prot                         W32/Brontok.DL@mm                       v6.4.7.1.166
F-Secure                       Win32.Generic.493878                    11.2015-04-12_6
G Data                         Win32.Generic.493878                    15.12.25
IKARUS anti.virus              Email-Worm.Win32.Brontok                t3scan.1.9.5.0
K7 AntiVirus                   EmailWorm                               13.212.17945
Kaspersky                      Email-Worm.Win32.Brontok                14.0.0.1024
Malwarebytes                   Trojan.Dropper                          v2015.12.04.06
McAfee                         W32/Rontokbro.gen@MM                    5600.6562
Microsoft Security Essentials  Trojan:Win32/Senta!rfn                  1.1.12300.0
MicroWorld eScan               Win32.Generic.493878                    16.0.0.1014
NANO AntiVirus                 Trojan.Win32.Brontok.vpwh               0.30.26.4751
nProtect                       Worm/W32.Brontok.45456.B                15.11.23.01
Panda Antivirus                W32/Brontok.O.worm                      15.12.04.06
Qihoo 360 Security             Trojan.Generic                          1.0.0.1077
Quick Heal                     W32.Brontok.Q                           12.15.14.00
Rising Antivirus               PE:Trojan.Win32.Mnless.dyr!1442186 [F]  23.00.65.151202
Sophos                         W32/Brontok-K                           4.98
SUPERAntiSpyware               Trojan.Agent/Gen-SV                     9468
Total Defense                  Win32/Robknot.AQ                        37.1.62.1
Trend Micro House Call         WORM_RONTKBR.AB                         7.2.338
Trend Micro                    WORM_RONTKBR.AB                         10.465.04
Vba32 AntiVirus                TScope.Trojan.VB                        3.12.26.4
VIPRE Antivirus                Email-Worm.Win32.Brontok.a              45386
ViRobot                        I-Worm.Win32.Brontok.45456.B[h]         2014.3.20.0
Zillya! Antivirus              Worm.Brontok.Win32.320                  2.0.0.2527

File size:
44.4 KB (45,456 bytes)

Common path:
C:\windows\syswow64\administrador's setting.scr

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
768:GXo/ONSbZV/zBFyF4RlculTIpUP0JtoCDfJLO7fyiA37B9yDpsK70XVQv35BMCud:CoB1eF+lculYOUJGdA3V9EsK7QVO5A

Entry address:
0x32F77

Entry point:
E9, D8, D1, FC, FF, 0C, 80, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4E, 2F, 03, 00, 0C, 80, 02, 00...

Entropy:
7.3358

Packer / compiler:
RLPack FullEdition V1.1X

Code size:
512 bytes

The file administrador's setting.scr has been observed being distributed from the following URL:

temp:Video.exe

While executing, the file has been observed making the following network connections in live environments:

TCP (HTTP):      unknown.prolexic.com (72.52.4.121:80)
TCP (HTTP SSL):  ats.sbs.vip.dc11.lumsb.com (8.12.146.61:443)
TCP (HTTP SSL):  ir1.fp.vip.bf1.yahoo.com (98.139.180.149:443)
TCP (HTTP SSL):  ir2.fp.vip.bf1.yahoo.com (98.139.183.24:443)
TCP (HTTP SSL):  media-router-fp1.prod.media.vip.ne1.yahoo.com (98.138.252.38:443)
TCP (HTTP SSL):  media-router-fp1.prod.media.vip.bf1.yahoo.com (98.139.180.180:443)

Remove administrador's setting.scr - Powered by Reason Core Security