b84543.exe

The executable b84543.exe has been detected as malware by 33 of 68 anti-virus scanners. It is set to start automatically when a user logs into Windows via the current-user Run registry key, under the value name 'a75454623'. This trojan will attempt to establish a connection to a remote server through various TCP ports and will use Winlogon to survive reboots. Vendor family names disagree (Azbreg, Lethic, NgrBot, Necurs) and several of the detections are generic or heuristic, so the scan results establish that the file is malicious rather than which family it belongs to.
MD5:
53e547b530f0d1a38b563aa44037327b

SHA-1:
46c4dcce3f65016a99ba4ba7d1f68437255723c5

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/25/2024 6:56:20 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1731627 | 856
Agnitum Outpost | Backdoor.Azbreg | 7.1.1
AhnLab V3 Security | Dropper/Win32.Necurs | 2014.08.27
Avira AntiVirus | TR/Crypt.Xpack.73477 | 7.11.169.142
avast! | Win32:Downloader-VMA [Trj] | 2014.9-141002
AVG | SHeur4 | 2015.0.3334
Baidu Antivirus | Trojan.Win32.Lethic | 4.0.3.14102
Bitdefender | Trojan.GenericKD.1731627 | 1.0.20.1375
Bkav FE | W32.CosniesLTC.Trojan | 1.3.0.4959
Comodo Security | UnclassifiedMalware | 19330
Dr.Web | BackDoor.IRC.NgrBot.449 | 9.0.1.0275
Emsisoft Anti-Malware | Trojan.GenericKD.1731627 | 8.14.10.02.02
ESET NOD32 | Win32/Lethic.AA | 8.10001
Fortinet FortiGate | W32/Kryptik.SMA!tr | 10/2/2014
F-Secure | Trojan.GenericKD.1731627 | 11.2014-02-10_5
G Data | Trojan.GenericKD.1731627 | 14.10.24
IKARUS anti.virus | Backdoor.Win32.Azbreg | t3scan.1.7.5.0
K7 AntiVirus | Trojan | 13.183.13166
Kaspersky | Backdoor.Win32.Azbreg | 14.0.0.3164
McAfee | RDN/Generic BackDoor!yx | 5600.6990
Microsoft Security Essentials |  | 1.10904
MicroWorld eScan | Trojan.GenericKD.1731627 | 15.0.0.825
NANO AntiVirus | Trojan.Win32.Yakes.dbphmd | 0.28.2.61861
nProtect | Trojan.GenericKD.1731627 | 14.08.26.01
Panda Antivirus | Trj/Chgt.C | 14.10.02.02
Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015
Quick Heal | (Suspicious) - DNAScan | 6.14.14.00
Sophos | Mal/Ransom-CR | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0625 | 7.2.176
Trend Micro | TROJ_SPNR.15GA14 | 10.465.02
Vba32 AntiVirus | OScope.Malware-Cryptor.Ngrbot | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 32584
Zillya! Antivirus | Backdoor.Azbreg.Win32.3758 | 2.0.0.1902

File size:
129 KB (132,096 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/25/2014 1:56:55 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:zcSFh9svwtKrIEu4HRrbPcrcpreop5RnF7ax3cyifPLzcblt38Z:ooh91nAdEaD723cyucbltMZ

Entry address:
0x2F31

Entry point:
E8, A1, 74, 00, 00, E9, 1E, FE, FF, FF, CC, CC, CC, CC, CC, 80, 7A, 0E, 05, 75, 11, 66, 8B, 9D, 5C, FF, FF, FF, 80, CF, 02, 80, E7, FE, B3, 3F, EB, 04, 66, BB, 3F, 13, 66, 89, 9D, 5E, FF, FF, FF, D9, AD, 5E, FF, FF, FF, BB, 6C, 82, 41, 00, D9, E5, 89, 95, 6C, FF, FF, FF, 9B, DD, BD, 60, FF, FF, FF, C6, 85, 70, FF, FF, FF, 00, 9B, 8A, 8D, 61, FF, FF, FF, D0, E1, D0, F9, D0, C1, 8A, C1, 24, 0F, D7, 0F, BE, C0, 81, E1, 04, 04, 00, 00, 8B, DA, 03, D8, 83, C3, 10, FF, 23, 80, 7A, 0E, 05, 75, 11, 66, 8B, 9D, 5C...
 

Code size:
72 KB (73,728 bytes)
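The header fields above (compilation timestamp, OS version, subsystem, linker version, entry address, code size) all live in the PE headers and can be read with a few struct unpacks. The script below is an added example and not part of this listing or of Reason Core Security's scanner. The PE image it parses is constructed in build_sample_image() with the listing's header values and is not the real b84543.exe; it assumes the compilation timestamp is a UTC epoch value (the listing does not state a time zone). It also compares a file's MD5 and SHA-1 against the hashes listed above, the identity check a responder runs before trusting any other field on a page like this.

```python
r"""Added example: read the PE header fields reported in the listing (compile
timestamp, OS version, subsystem, linker version, entry RVA, code size) from
the headers themselves, and compare a file's digests with the listed MD5/SHA-1.
The image from build_sample_image() is constructed for this example: its
headers carry the listing's values, the rest is padding. It is NOT b84543.exe."""
import hashlib
import struct
from datetime import datetime, timezone

KNOWN_MD5 = "53e547b530f0d1a38b563aa44037327b"           # from the listing
KNOWN_SHA1 = "46c4dcce3f65016a99ba4ba7d1f68437255723c5"  # from the listing

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_metadata(image: bytes) -> dict:
    """Return the header fields a triage listing reports; ValueError if not PE32."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header (20 bytes): Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsections, timestamp, _, _, _opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", image, e_lfanew + 4)
    opt = e_lfanew + 24                      # optional header follows the COFF header
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header (PE32+ lays out later fields differently)")
    (linker_major, linker_minor, size_of_code, _init, _uninit,
     entry_rva) = struct.unpack_from("<BBIIII", image, opt + 2)
    os_major, os_minor = struct.unpack_from("<HH", image, opt + 40)
    subsystem = struct.unpack_from("<H", image, opt + 68)[0]
    return {
        # TimeDateStamp is written by the linker and trivially forged: a hint,
        # not evidence. Interpreted as UTC here (assumption, see lead-in).
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{linker_major}.{linker_minor}",
        "entry_rva": entry_rva,
        "size_of_code": size_of_code,
        "sections": nsections,
    }


def digests(image: bytes) -> dict:
    """MD5 and SHA-1 of the file; compare both, MD5 alone is collision-prone."""
    return {"md5": hashlib.md5(image).hexdigest(),
            "sha1": hashlib.sha1(image).hexdigest()}


def matches_listing(image: bytes) -> bool:
    """True only if both digests equal the listing's values."""
    d = digests(image)
    return d["md5"] == KNOWN_MD5 and d["sha1"] == KNOWN_SHA1


def build_sample_image() -> bytes:
    """Constructed PE32 stub carrying the listing's header values (not the real file)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    timestamp = 1403704615                   # 2014-06-25 13:56:55 UTC
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)                     # PE32 optional header size
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 9, 0, 73728, 0, 0, 0x2F31)
    struct.pack_into("<HH", opt, 40, 5, 0)   # OperatingSystemVersion 5.0
    struct.pack_into("<H", opt, 68, 2)       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_image()
    for key, value in parse_pe_metadata(sample).items():
        print(f"{key:>14}: {value:#x}" if key == "entry_rva" else f"{key:>14}: {value}")
    print("matches listing hashes:", matches_listing(sample))
```

Linker version 9.0 is the Visual Studio 2008 toolchain, and the listed entry-point bytes (E8 call, E9 jmp, CC padding) are the shape of the MSVC CRT entry stub rather than anything specific to the payload; with several vendors flagging the file as packed or crypted (Kryptik, Crypt.Xpack, Malware-Cryptor), the static headers say little about what runs after unpacking.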

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
a75454623

Command:
C:\recycler\{random}\b84543.exe
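The persistence entry above can be checked on a triage image by exporting the HKCU Run key and matching each value against the listed name and command. The script below is an added example, not Reason Core Security's tooling; the .reg export it scans is constructed for the example, with the folder names x7f3q9 and k2m8 standing in for the listing's {random} placeholder. It covers only the Run key this page documents; the Winlogon mechanism mentioned in the summary is not given a key path here, so it is not checked.

```python
r"""Added example: find the Run-key persistence described in the listing in a
.reg export of HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Indicators
taken from the page: value name a75454623 and command
C:\recycler\{random}\b84543.exe, where {random} is one unknown directory
component. The export below is constructed for this example."""
import re

RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
IOC_VALUE_NAME = "a75454623"
IOC_COMMAND = re.compile(r"^C:\\recycler\\[^\\]+\\b84543\.exe$", re.IGNORECASE)

# Constructed export (what `reg export HKCU\...\Run run.reg` produces); the
# OneDrive line is benign filler, the other two use made-up {random} folders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"a75454623"="C:\\recycler\\x7f3q9\\b84543.exe"
"Updater"="\"C:\\recycler\\k2m8\\b84543.exe\" -s"
'''

# "name"="data" lines, i.e. REG_SZ values; hex:/dword: values are skipped.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s: str) -> str:
    r"""Undo .reg escaping (\\ -> \ and \" -> ") in one left-to-right pass."""
    return re.sub(r"\\(.)", r"\1", s)


def _executable(command: str) -> str:
    """Executable path of a Run value: the quoted prefix, else up to the first
    space (simplified; CreateProcess also tries longer prefixes when unquoted)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def parse_run_key(export: str) -> dict:
    """Return {value_name: command} from the Run-key section of a .reg export."""
    values, in_key = {}, False
    for raw in export.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].casefold() == RUN_KEY.casefold()
            continue
        if not in_key or not line:
            continue
        m = _VALUE_RE.match(line)
        if m:
            values[_unescape(m.group(1))] = _unescape(m.group(2))
    return values


def find_persistence(export: str) -> list:
    """Entries matching the listing's value name or command path, with reasons."""
    hits = []
    for name, command in parse_run_key(export).items():
        reasons = []
        if name == IOC_VALUE_NAME:
            reasons.append("value name a75454623")
        if IOC_COMMAND.match(_executable(command)):
            reasons.append("executable under C:\\recycler\\{random}\\b84543.exe")
        if reasons:
            hits.append({"name": name, "command": command, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_persistence(SAMPLE_EXPORT):
        print(f'{hit["name"]!r}: {hit["command"]}  <- {", ".join(hit["reasons"])}')
```

Because the key is under HKCU, the export has to come from the affected user's hive (run in that user's session, or load NTUSER.DAT from the image); an administrator's own HKCU shows nothing. The path match is deliberately broader than the value name, since a renamed value with the same C:\recycler\ drop location is the more likely variation.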


Remove b84543.exe - Powered by Reason Core Security