cobra booter.exe

Windows Command Processor

Although the file properties state that the file is developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The executable cobra booter.exe, which presents itself as “Windows Command Processor”, has been detected as malware by 33 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from rghost.net.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Windows Command Processor

Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)

MD5:
880a08450f71f48c96c854f3486251b0

SHA-1:
038620146df9097833d16256a866fb44b42d3d4c

SHA-256:
a34be271893f22957b7016a6000a851cd4ba0e91a9ff88f528613d632d34958d

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/19/2024 1:12:13 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Heur.MSIL.Androm.6 | 522 |
| Agnitum Outpost | Trojan.Inject | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/FCN.140610 | 2015.06.11 |
| Avira AntiVirus | TR/Dropper.MSIL.75946 | 8.3.1.6 |
| Arcabit | Trojan.MSIL.Androm.6 | 1.0.0.425 |
| avast! | Win32:Malware-gen | 2014.9-150831 |
| AVG | MSIL6 | 2016.0.3000 |
| Baidu Antivirus | Trojan.MSIL.Inject | 4.0.3.15831 |
| Bitdefender | Gen:Heur.MSIL.Androm.6 | 1.0.20.1215 |
| Comodo Security | UnclassifiedMalware | 22406 |
| Dr.Web | Trojan.Hosts.34286 | 9.0.1.0243 |
| Emsisoft Anti-Malware | Gen:Heur.MSIL.Androm | 8.15.08.31.09 |
| ESET NOD32 | MSIL/Injector.HTK (variant) | 9.11764 |
| Fortinet FortiGate | MSIL/HTK!tr | 8/31/2015 |
| F-Secure | Gen:Heur.MSIL.Androm.6 | 11.2015-31-08_2 |
| G Data | Gen:Heur.MSIL.Androm | 15.8.25 |
| IKARUS anti.virus | Trojan.MSIL.Injector | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.204.16202 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.1496 |
| Malwarebytes | Backdoor.Bot | v2015.08.31.09 |
| McAfee | Gamarue-FAZ!880A08450F71 | 5600.6656 |
| Microsoft Security Essentials | Trojan:Win32/Ceatrg.A | 1.1.11701.0 |
| MicroWorld eScan | Gen:Heur.MSIL.Androm.6 | 16.0.0.729 |
| NANO AntiVirus | Trojan.Win32.Inject.dnzanl | 0.30.24.2086 |
| Panda Antivirus | Trj/CI.A | 15.08.31.09 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.MSI.g3 | 8.15.14.00 |
| Sophos | Troj/MSIL-BUJ | 4.98 |
| Trend Micro House Call | TROJ_SPNV.01BD15 | 7.2.243 |
| Trend Micro | TROJ_SPNV.01BD15 | 10.465.31 |
| VIPRE Antivirus | Trojan.Win32.Generic | 41000 |
| ViRobot | Trojan.Win32.S.Agent.1778688.H[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Inject.Win32.157990 | 2.0.0.2217 |

File size:
1.7 MB (1,778,688 bytes)

Product version:
6.1.7601.17514

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
Cmd.Exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
2/11/2015 10:14:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:4Y52DzFr+7QGPfiRtO/7beHVYjtypjUPq6kXnV+gsXUcGDmwhBg:rqzUz6PcNMpkfkFy

Entry address:
0x30890

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
186.5 KB (190,976 bytes)

The file cobra booter.exe has been seen being distributed by the following URL.
