Booky82.exe

Booky

BadgeWinners

The executable Booky82.exe has been detected as malware by 13 anti-virus scanners. While running, it connects to the Internet address ip-23-229-165-66.ip.secureserver.net on port 80 using the HTTP protocol.
Publisher:
BadgeWinners

Product:
Booky

Version:
82.00

MD5:
46fa2db71c21707d23e1f745dc2d8b6c

SHA-1:
529ee99998e3b2377e431530be8fd383c5314f07

SHA-256:
954d02c1fc2e4967e05d4e7fc7a4b62a5b838fa44e16097137cd175e19813a45

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
4/26/2024 4:28:09 PM UTC

Scan engine              Detection                        Engine version
Lavasoft Ad-Aware        Trojan.Generic.17268883          212
Avira AntiVirus          TR/VB.Downloader.Gen             8.3.3.4
Arcabit                  Trojan.Generic.D1078093          1.0.0.741
avast!                   Win32:Malware-gen                2014.9-160706
Bitdefender              Trojan.Generic.17268883          1.0.20.940
Emsisoft Anti-Malware    Trojan.Generic.17268883          8.16.07.06.07
F-Secure                 Trojan.Generic.17268883          11.2016-06-07_4
G Data                   Trojan.Generic.17268883          16.7.25
IKARUS anti.virus        Trojan.VB.Downloader             t3scan.2.1.6.0
McAfee                   Artemis!46FA2DB71C21             5600.6346
MicroWorld eScan         Trojan.Generic.17268883          17.0.0.564
nProtect                 Trojan.Generic.17268883          16.06.24.01
Qihoo 360 Security       HEUR/QVM03.0.0000.Malware.Gen    1.0.0.1120

File size:
292 KB (299,008 bytes)

Product version:
82.00

Original file name:
Booky82.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
6/17/2016 7:33:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:EJtjakvkCqIK81fSFGJtgZK7sEFgG73Sp6hmnGpZV8iHXW:K/3KZEFgG73Sp6hmnGpZV8i3

Entry address:
0x19E0

Entry point:
68, 4C, 2A, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 02, 2E, 00, 0E, 29, 22, BA, 4F, 92, 92, 81, B8, 73, E3, F6, AA, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 42, 6F, 6F, 6B, 79, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 25, 48, 7A, 4F, 6A, 47, E5, 90, 40, 8E, A3, F8, 1C, AD, 2C, D1, 96, 14, C2, 78, 19, 42, 2D, 05, 4D, 99, 14, EB, F9, A1, DF, CE, 16, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...

Entropy:
5.7728

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
280 KB (286,720 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-23-229-165-66.ip.secureserver.net (23.229.165.66:80)

Remove Booky82.exe - Powered by Reason Core Security