adobe online.com

The file adobe online.com has been detected as malware by 31 of 68 anti-virus scanners. Most engines classify it as a variant of the Sality polymorphic file infector (also reported under the Kashu, Kukacka and Sector family names), while several others name the Visual Basic worm they see in the file (SillyShareCopy / AutoRun), which is consistent with a file infector having attached itself to an already malicious VB host program. The infector appends itself to .exe files, terminates security software, prevents some core Windows utilities from running and tries to download further files, including other malware, from a remote server. While running it connects over HTTP (TCP port 80) to box361.bluehost.com and to the other hosts listed under network communications below.
MD5:
57bf93c7a2f15fd56557fe243b5731e6

SHA-1:
3a432915dd7ddbdefc41f1a98d8454535a39cc15

SHA-256:
5ba6440c7e1b96b01bc891e6f0e7c3c57bb7f447802128e8e8d1025579bfa95c

Scanner detections:
31 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 6:11:18 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Win32/Kashu.E | 2012.07.08
Avira AntiVirus | W32/Sality.AT | 7.11.35.120
avast! | Win32:Kukacka | 2014.9-160229
AVG | Worm/VB.10 | 2017.0.2819
Bitdefender | Worm.SillyShareCopy.E | 1.0.20.300
Clam AntiVirus | Worm.VB-117 | 0.98/18155
Comodo Security | Virus.Win32.Sality.Gen | 12869
Dr.Web | Win32.Sector.21 | 9.0.1.060
Emsisoft Anti-Malware | Worm.Win32.AutoRun!IK | 8.16.02.29.03
ESET NOD32 | Win32/Sality.NBA | 10.7279
Fortinet FortiGate | W32/Sality.AA | 2/29/2016
F-Prot | W32/Sality.gen2 | v6.4.6.5.141
F-Secure | Worm.SillyShareCopy.E | 11.2016-29-02_2
G Data | Worm.SillyShareCopy | 16.2.22
IKARUS anti.virus | Worm.Win32.AutoRun | t3scan.1.1.122.0
K7 AntiVirus | Virus | 13.145.7232
Kaspersky | Worm.Win32.AutoRun | 14.0.0.589
McAfee | W32/Sality.gen.z | 5600.6475
Microsoft Security Essentials | Virus:Win32/Sality.AT | 1.163.1557.0
Norman | VBWorm.NHE | 11.20160229
nProtect | Worm.SillyShareCopy.E | 12.07.07.01
Panda Antivirus | W32/Sality.AA | 16.02.29.03
Quick Heal | W32.Sality.U | 2.16.12.00
Rising Antivirus | Worm.VB.ajx | 23.00.65.16227
Sophos | Mal/Sality-D | 4.79
Total Defense | Win32/Sality.AA | 37.0.9991
Trend Micro House Call | PE_SALITY.RL | 7.2.60
Trend Micro | PE_SALITY.RL | 10.465.29
Vba32 AntiVirus | Trojan.VBO.0348 | 3.12.18.0
VIPRE Antivirus | Virus.Win32.Sality.at | 12192
ViRobot | Win32.Sality.N | 2011.4.7.4223

File size:
1.2 MB (1,249,280 bytes)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\adobe online.com
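The path above is the per-user Startup folder, so every logon re-launches the file. The following script is an added example for this report (not code from the page or from Reason Core Security): it scans a Startup folder and flags entries by the file name the report lists, by the report's SHA-256, and by the heuristic that legitimate Startup entries are normally .lnk shortcuts rather than bare executables (a .com file in particular is unusual there and here doubles as a look-alike for a domain name). The demo folder and its two files are constructed; on Windows pass the real folder returned by default_startup_folder().

```python
"""Startup-folder persistence check (added example, not the report's code)."""
import hashlib
import os
import tempfile

# Indicators taken from the report above.
KNOWN_SHA256 = {"5ba6440c7e1b96b01bc891e6f0e7c3c57bb7f447802128e8e8d1025579bfa95c"}
KNOWN_NAMES = {"adobe online.com"}
# Extensions Windows runs directly from the Startup folder. Legitimate entries
# are almost always .lnk shortcuts, so a bare executable here deserves a look.
EXEC_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_startup(folder):
    """Return [(file name, [reasons])] for every suspicious entry in folder."""
    findings = []
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            continue
        lname = name.lower()
        reasons = []
        if lname in KNOWN_NAMES:
            reasons.append("file name listed in the report")
        if sha256_of(path) in KNOWN_SHA256:
            reasons.append("SHA-256 matches the report")
        ext = os.path.splitext(lname)[1]
        if ext in EXEC_EXTS:
            reasons.append("directly executable file in Startup (%s)" % ext)
        if reasons:
            findings.append((name, reasons))
    return findings


def default_startup_folder():
    """The per-user Startup folder on Windows, or None elsewhere."""
    appdata = os.environ.get("APPDATA")
    if not appdata:
        return None
    return os.path.join(appdata, "Microsoft", "Windows", "Start Menu", "Programs", "Startup")


def demo():
    """Build a constructed Startup folder (not the real sample) and scan it."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "Adobe Online.com"), "wb") as f:
            f.write(b"MZ placeholder bytes, constructed for the demo")
        with open(os.path.join(d, "OneNote Send to Tool.lnk"), "wb") as f:
            f.write(b"L\0\0\0")
        return scan_startup(d)


if __name__ == "__main__":
    for name, reasons in demo():
        print(name, "->", "; ".join(reasons))
```

The hash check is the only exact indicator; the name and extension checks are there because a polymorphic infector changes its bytes on every copy, so the hash from one report rarely matches the copy on the next machine.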

File PE Metadata
Compilation timestamp:
1/28/2007 9:30:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:+FTggbSESjin+B4jMf4ivrnM2HKqKub3kXRsKH6LNiNNDKpkv3SqFWLrd6t6:AggiM+0Gw2HK4bYsNLNkDKpwSqFaBa6

Entry address:
0x110C

Entry point:
60, 69, FB, AD, 96, B1, 5B, 0F, B6, D8, 0F, CA, 87, D3, B7, 9E, B7, 23, 0F, BA, F2, CC, 0F, B7, FE, F6, C4, D4, 0F, B3, F3, 69, FA, 39, B4, 36, 2B, 0F, BB, F8, 0F, AF, F3, 0F, A4, CE, E7, F6, C7, 01, 80, E4, BE, 8B, E8, 22, DB, 0F, AF, DF, 0F, CB, 0F, AF, F8, 33, CD, 42, 2D, 05, F3, CC, 16, 80, FD, 5A, 81, E0, 8C, 36, AC, B1, 51, 55, 69, EE, 71, 6B, F8, 49, F2, 1C, F2, C0, F4, 18, 87, DD, C6, C3, 2B, E8, 1A, 00, 00, 00, 8D, 15, CD, B7, 89, 37, 0C, 4A, 0F, AF, DB, C6, C1, D4, 43, F7, D5, 2B, FF, F6, D3, 85...

Entropy:
0.9157

Code size:
24 KB (24,576 bytes)
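Every field in the PE metadata block above comes straight out of the PE headers, and the "Entry point" bytes are simply the file bytes at the entry RVA after mapping it through the section table. The script below is an added example (not the report's or Reason Core Security's code) that reads those fields with the standard library only and compares a file's digests against the MD5/SHA-1/SHA-256 listed above. build_sample() constructs a minimal, non-functional PE32 header whose fields are set to the report's values so the parser can be exercised offline; it is not the malware and its hashes will not match the report.

```python
"""PE32 header triage for the fields this report lists (added example)."""
import hashlib
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Digests taken from the report above.
KNOWN_HASHES = {
    "md5": "57bf93c7a2f15fd56557fe243b5731e6",
    "sha1": "3a432915dd7ddbdefc41f1a98d8454535a39cc15",
    "sha256": "5ba6440c7e1b96b01bc891e6f0e7c3c57bb7f447802128e8e8d1025579bfa95c",
}


def hashes(data):
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def matches_known(data, known=KNOWN_HASHES):
    """True if any digest of data equals a digest from the report."""
    h = hashes(data)
    return any(h[k] == v for k, v in known.items())


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset using the section table."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return rva - s["va"] + s["rawptr"]
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def parse_pe(data, entry_bytes=16):
    """Extract the header fields the report shows from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                            # optional header
    magic, lnk_major, lnk_minor, size_of_code, _, _, entry_rva, _, _ = \
        struct.unpack_from("<HBBIIIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled here (magic 0x%x)" % magic)
    win = struct.unpack_from("<IIIHHHHHHIIIIHHIIIIII", data, opt + 28)
    os_major, os_minor, subsystem = win[3], win[4], win[13]
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "va": va, "rawsize": rawsize, "rawptr": rawptr})
    off = rva_to_offset(entry_rva, sections)
    return {
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": "%d.%d" % (os_major, os_minor),
        "bitness": "Win32" if machine == 0x14C else "machine 0x%x" % machine,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": "%d.%d" % (lnk_major, lnk_minor),
        "entry_address": entry_rva,
        "code_size": size_of_code,
        "entry_bytes": data[off:off + entry_bytes].hex().upper(),
    }


def build_sample():
    """Constructed PE32 header carrying the report's values; not a runnable program."""
    ts = int(datetime(2007, 1, 28, 9, 30, 37, tzinfo=timezone.utc).timestamp())
    entry_rva, code_size, text_va, text_raw = 0x110C, 0x6000, 0x1000, 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 6, 0, code_size, 0, 0, entry_rva, text_va, 0)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200,
                       4, 0, 0, 0, 4, 0, 0, 0x7000, 0x200, 0, 2, 0,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                            # 16 empty data directories
    sect = struct.pack("<8sIIIIIIHHI", b".text", code_size, text_va, 0x200, text_raw,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + opt + sect).ljust(text_raw, b"\0")
    text = bytearray(0x200)
    start = entry_rva - text_va
    text[start:start + 16] = bytes.fromhex("6069FBAD96B15B0FB6D80FCA87D3B79E")  # first entry bytes above
    return headers + bytes(text)


if __name__ == "__main__":
    sample = build_sample()
    print(parse_pe(sample))
    print("matches report hashes:", matches_known(sample))
```

A compile timestamp of January 2007 on a polymorphic infector is not evidence of age: Sality rewrites the host's entry region on every infection, so the timestamp and the entry bytes describe this particular copy, not the family.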

User Start Menu Item
Name:
Adobe Online.com


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to box361.bluehost.com  (69.89.31.161:80)

TCP (HTTP):
Connects to 217-160-0-39.elastic-ssl.ui-r.com  (217.160.0.39:80)

TCP (HTTP):
Connects to web398.default-host.net  (185.104.45.67:80)

TCP (HTTP):
Connects to 217-160-0-4.elastic-ssl.ui-r.com  (217.160.0.4:80)
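The four destinations above are the indicators worth pushing into proxy and DNS monitoring. The script below is an added example (not the report's code) that grades log lines against them. Its two log formats, "<ts> <client> <dst_ip>:<port> <host>" for a proxy and "<ts> <client> query <name>" for DNS, and the sample lines are constructed; swap the regular expressions for your own schema. The grading reflects a caveat the report does not spell out: judging from their names these look like shared web-hosting servers that also serve unrelated sites, so an IP-only hit is weak and is reported at low confidence.

```python
"""Matching the report's network indicators against log lines (added example)."""
import re

# (hostname, IP, port) as listed in the report.
NETWORK_IOCS = [
    ("box361.bluehost.com", "69.89.31.161", 80),
    ("217-160-0-39.elastic-ssl.ui-r.com", "217.160.0.39", 80),
    ("web398.default-host.net", "185.104.45.67", 80),
    ("217-160-0-4.elastic-ssl.ui-r.com", "217.160.0.4", 80),
]
IOC_HOSTS = {h for h, _, _ in NETWORK_IOCS}
IOC_IPS = {ip for _, ip, _ in NETWORK_IOCS}

# Assumed log layouts; adapt to the real proxy/DNS schema.
PROXY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<host>\S+)$")
DNS_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) query (?P<host>\S+)$")


def parse_line(line):
    """Normalise a proxy or DNS line into one record, or None if it is neither."""
    m = PROXY_RE.match(line)
    if m:
        return {"kind": "proxy", "ts": m["ts"], "client": m["client"],
                "dst": m["dst"], "port": int(m["port"]),
                "host": m["host"].lower().rstrip(".")}
    m = DNS_RE.match(line)
    if m:
        return {"kind": "dns", "ts": m["ts"], "client": m["client"],
                "dst": None, "port": None,
                "host": m["host"].lower().rstrip(".")}
    return None


def classify(rec):
    """Return (confidence, reason) for a record, or None when nothing matches.

    The hostname is the reliable signal; the IPs are shared-hosting addresses
    (an inference from the host names), so an IP-only hit is low confidence.
    """
    host_hit = rec["host"] in IOC_HOSTS
    ip_hit = rec["dst"] in IOC_IPS
    if host_hit:
        return "high", "hostname match" + (" and IP match" if ip_hit else "")
    if ip_hit:
        return "low", "IP-only match (shared hosting address)"
    return None


def scan(lines):
    """Run every line through parse_line and classify, collecting the hits."""
    hits = []
    for line in lines:
        rec = parse_line(line.strip())
        if rec is None:
            continue
        graded = classify(rec)
        if graded:
            hits.append({"ts": rec["ts"], "client": rec["client"], "host": rec["host"],
                         "dst": rec["dst"], "confidence": graded[0], "reason": graded[1]})
    return hits


def clients_to_investigate(hits):
    """Clients with at least one high-confidence hit."""
    return sorted({h["client"] for h in hits if h["confidence"] == "high"})


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """
2024-04-26T18:11:20Z 10.0.0.15 69.89.31.161:80 box361.bluehost.com
2024-04-26T18:11:21Z 10.0.0.15 query 217-160-0-39.elastic-ssl.ui-r.com.
2024-04-26T18:11:22Z 10.0.0.22 185.104.45.67:80 www.example.org
2024-04-26T18:11:23Z 10.0.0.15 93.184.216.34:443 example.com
malformed line that is skipped
""".strip().splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
    print("investigate:", clients_to_investigate(scan(SAMPLE_LOG)))
```

On the sample, the client 10.0.0.15 is flagged from both its proxy line and its DNS query, while 10.0.0.22 only shares a hosting IP with one indicator and is left at low confidence for correlation with the file and Startup-folder indicators above.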

Remove adobe online.com - Powered by Reason Core Security