» b.boygameforpc.exe
Overview
Analysis
File Details
Downloads (1)

b.boygameforpc.exe

The executable b.boygameforpc.exe has been detected as malware by 17 anti-virus scanners. The program is a setup application that uses the Self-extracting archive installer, however the file is not signed with an authenticode signature from a trusted source. This backdoor trojan may be used to conduct distributed denial of service attacks, or used to install additional trojans or other forms of malicious software as well as can steal your sensitive information. The file has been seen being downloaded from download1757.mediafire.com.

File name:

b.boygameforpc.exe

MD5:

c8d3297d618bc500504700da877fed0c

SHA-1:

6ee324d5de396299ef48f101b4a9e9082e022a4f

SHA-256:

9510d533c3054d0a06162a2d7e7ce0c1d8796a55b88440ce6ea3de338c5d610d

Scanner detections:

17 / 68

Status:

Malware

Analysis date:

4/16/2024 8:55:57 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKDZ.24293

339

AhnLab V3 Security

Trojan/Win32.FakeAV

2014.05.27

Avira AntiVirus

TR/Dropper.Gen

7.11.151.182

avast!

MSIL:Agent-BKA [Trj]

2014.9-160301

Comodo Security

Backdoor.MSIL.Bladabindi.A

18339

Dr.Web

Trojan.DownLoader10.63222

9.0.1.061

ESET NOD32

MSIL/Bladabindi.BH (variant)

10.9854

F-Secure

Trojan.GenericKDZ.24293

11.2016-01-03_3

IKARUS anti.virus

Gen.Trojan.Ciusky

t3scan.1.6.1.0

Kaspersky

Backdoor.MSIL.Agent

14.0.0.580

Microsoft Security Essentials

Backdoor:MSIL/Bladabindi.AJ

1.10600

MicroWorld eScan

Trojan.GenericKDZ.24293

17.0.0.183

NANO AntiVirus

Trojan.Win32.DownLoader11.cxfbrl

0.28.0.59921

Qihoo 360 Security

Malware.QVM03.Gen

1.0.0.1015

Rising Antivirus

PE:Malware.XPACK-LNR/Heur!1.5594

23.00.65.16228

Sophos

Troj/DotNet-P

4.98

Vba32 AntiVirus

Trojan.MSIL.Disfa

3.12.26.0

File size:

33.3 MB (34,881,018 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Self-extracting archive

Common path:

C:\users\{user}\downloads\b.boygameforpc.exe

File PE Metadata

Compilation timestamp:

12/1/2013 3:08:23 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

786432:pdiGrPwT7uUVgMNDkt5ZPZ1MwK38iYr6WpHYAbpzaLLr7z:Him0tNqt5fKMk1AbMLr7z

Entry address:

0x1D728

Entry point:

E8, F0, 57, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 05, FD, FF, FF, C7, 06, E4, 81, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, E4, 81, 42, 00, E9, BA, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, E4, 81, 42, 00, E8, A7, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, D1, C9, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08... 
[+]

Code size:

149.5 KB (153,088 bytes)

The file b.boygameforpc.exe has been seen being distributed by the following URL.

http://download1757.mediafire.com/49hb204lhatg/.../b.boygameforpc.exe

Remove b.boygameforpc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.