» anti-vbsvbex86.exe
Overview
Analysis
File Details
Downloads (1)

anti-vbsvbex86.exe

Anti-VBS/VBE

Borislav Surbat

File name:

anti-vbsvbex86.exe

Publisher:

Borislav Surbat (signed and verified)

Product:

Anti-VBS/VBE

Description:

Tool to remove VBS/VBE worms

Version:

86, 0, 0, 11

MD5:

2a99de50b9068b2a6df21309e3f85baf

SHA-1:

c56fefc826919dd2b8d011a3f55683694de5e1c7

SHA-256:

fbde2e0828f03de4ea94babd54e0767daece415cc1746a20c41f267c29640bf6

Scanner detections:

4 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/25/2024 3:46:09 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.Vobfus

7.1.1

NANO AntiVirus

Trojan.Win32.Blocker.deqmux

0.30.0.64448

Vba32 AntiVirus

Hoax.Blocker

3.12.26.3

Zillya! Antivirus

Trojan.Blocker.Win32.22452

2.0.0.2033

File size:

318.6 KB (326,208 bytes)

Product version:

86, 0, 0, 11

dr_Bora, www.mcshield.net

File type:

Executable application (Win32 EXE)

Digital Signature

Signed by:

Borislav Surbat

Authority:

COMODO CA Limited

Valid from:

1/20/2014 3:00:00 AM

Valid to:

1/21/2015 2:59:59 AM

Subject:

CN=Borislav Surbat, O=Borislav Surbat, STREET=Storgatan 53, L=Hoganas, S=Skane, PostalCode=26331, C=SE

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F18CA38A8EBE51655C3D5EC4676A5C3A

File PE Metadata

Compilation timestamp:

10/18/2013 12:26:29 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:EZtzB1QC2TqK1uQ2uwwCN1SYuDyLzPhibFWe9qe4MB:EbK/wwCN1SYuDyPPhwvqa

Entry address:

0x19906

Entry point:

E8, 95, 37, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, DC, 8D, 43, 00, 75, 02, F3, C3, E9, 17, 38, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 55, 18, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 90, 3D, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, D7, 38, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 96, 18, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73... 
[+]

Entropy:

6.5968

Code size:

172.5 KB (176,640 bytes)

The file anti-vbsvbex86.exe has been seen being distributed by the following URL.

http://www.mcshield.net/download/tools/.../Anti-VBSVBEx86.exe

Scan anti-vbsvbex86.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.