Bitrix24.exe

Bitrix24 Desktop Client

Bitrix, Inc

The executable Bitrix24.exe has been detected as malware by 4 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Bitrix24 Desktop’.
Publisher:
Bitrix  (signed by Bitrix, Inc)

Product:
Bitrix24 Desktop Client

Version:
4.1.27.35 (16-Sep-2016)

MD5:
914a9a691a5c7fac6a0c21153d71e994

SHA-1:
667e91c518adcd908e9ca0a296c231ad946c436a

SHA-256:
fe0aa4feb52024f581e7a5c9615b77d9c3ab7284d7117ec7e44a8b704ad0e8d5

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
7/13/2025 11:06:53 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Win32/Floxif.A | 2013.0.4477 |
| ESET NOD32 | Win32/Floxif.H virus | 6.3.12010.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.15.154 |

File size:
3.2 MB (3,386,239 bytes)

Product version:
4.1.27.35

Copyright:
(c) Bitrix 2016

Original file name:
Bitrix24.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\bitrix24\bitrix24.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
5/18/2016 6:00:00 AM

Valid to:
6/18/2018 5:59:59 AM

Subject:
CN="Bitrix, Inc", O="Bitrix, Inc", L=Alexandria, S=Virginia, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
27180E731DEDC7240D371B7B3B4EE3E8

File PE Metadata
Compilation timestamp:
9/16/2016 4:41:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
49152:EcyQTQ7D2/dzV/OdwK7p3tivLKqBMrDvTI4NEfZ5RVsZ5RVsZ5RV3aQAzpVUzhcZ:sQTQ7D2/dB+VhIv4rDvTI4mEM8M8Mha

Entry address:
0x10BD83

Entry point:
E9, DA, 62, F2, FF, E9, 8E, FE, FF, FF, FF, 25, 20, 88, 55, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, C6, F1, FF, FF, F2, E9, DA, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 28, E5, 59, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B...
 
Entropy:
7.0598

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.3 MB (1,404,928 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Bitrix24 Desktop

Command:
"C:\Program Files\bitrix24\bitrix24.exe" --from-startup

