home

ComboFix.exe

ComboFix

Swearware

ComboFix is an application from sUBs that scans your computer for the most common and current malware, and when found, attempts to clean these infections. The executable ComboFix.exe, “ComboFix NSIS Installer” has been detected as malware by 34 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
Swearware

Product:
ComboFix

Description:
ComboFix NSIS Installer

Version:
14.07.25.01

MD5:
647026406eb609cc4c926389727d0bff

SHA-1:
d5466416e40db2ea208ca31e6f266705f3e6de6e

SHA-256:
8d39eeb3c3e0730fb287f730dc8a5859471d2dfba813cd89d465f4a52b57f003

Scanner detections:
34 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/27/2024 2:31:32 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Sality.3
925

Agnitum Outpost
Win32.Sality.BL
7.1.1

AhnLab V3 Security
Win32/Kashu.E
2014.07.26

Avira AntiVirus
W32/Sality.AT
7.11.30.172

avast!
SaliCode
140617-1

AVG
Win32/Sality
2014.0.3986

Baidu Antivirus
Virus.Win32.Sality.$Emu
4.0.3.14725

Bitdefender
Win32.Sality.3
1.0.20.1030

Bkav FE
W32.Sality.PE
1.3.0.4959

Comodo Security
Virus.Win32.Sality.Gen
18967

Dr.Web
Win32.Sector.22
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
8.14.07.25.10

ESET NOD32
Win32/Sality.NBA virus
7.0.302.0

F-Prot
W32/Sality.gen2
4.6.5.141

F-Secure
Win32.Sality.3
11.2014-25-07_6

G Data
Win32.Sality
14.7.24

K7 AntiVirus
Virus
13.181.12846

Kaspersky
Virus.Win32.Sality
15.0.0.494

McAfee
W32/Sality.gen.z
5600.7059

Microsoft Security Essentials
Threat.Undefined
1.179.972.0

MicroWorld eScan
Win32.Sality.3
15.0.0.618

NANO AntiVirus
Virus.Win32.Sality.beygb
0.28.2.60990

Norman
Sality.ZHB
11.20140725

nProtect
Virus/W32.Sality.D
14.07.25.01

Panda Antivirus
W32/Sality.AA
14.07.25.10

Quick Heal
W32.Sality.U
7.14.14.00

Rising Antivirus
PE:Win32.KUKU.kt!1591113
23.00.65.14723

Sophos
NirCmd
4.98

Total Defense
Win32/Sality.AA
37.0.11080

Trend Micro House Call
PE_SALITY.RL
7.2.206

Trend Micro
PE_SALITY.RL
10.465.25

Vba32 AntiVirus
Virus.Win32.Sality.bakc
3.12.26.3

VIPRE Antivirus
Threat.4721115
31208

ViRobot
Win32.Sality.N
2011.4.7.4223

File size:
5.4 MB (5,638,029 bytes)

Copyright:
sUBs

Original file name:
ComboFix.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\documents and settings\admine\documenti\downloads\combofix.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:8Z53giIC09QUWb4Qabgntpx0+zwJyscdR96TZAq/++9PZCBAHzSf:2Gih0SUW9kgnB0+znRTa++9BhHzSf

Entry address:
0x313C0

Entry point:
8D, 15, 46, 9B, 3A, A9, 53, 3B, C1, 72, 06, F7, C5, 88, C6, E2, 36, 85, C3, 78, 05, 87, CE, 49, 8B, D3, 85, F9, 42, 38, F2, 77, 05, 33, CD, 13, F1, 49, FF, C3, 0F, AF, FB, BF, C4, 32, 2D, D8, F2, 80, FB, A2, 6A, 00, 59, B7, EA, 86, DB, F7, C3, 02, EC, 4B, B0, 0B, CE, 0F, AF, F6, 0F, BE, F9, 8D, 1D, 93, 10, 5E, EE, 69, F3, F8, 4A, D5, E3, 83, E5, 00, 02, DB, C7, C7, 1D, D1, 54, AB, 0F, C1, CD, F2, 0F, AF, D9, 8D, 55, 00, 84, FA, 89, DF, 0F, AF, E8, 81, DD, 53, 15, 7C, 6E, 8D, 02, 0F, BF, CE, C6, C1, ED, 84...
 
[+]

Code size:
20 KB (20,480 bytes)

The file ComboFix.exe has been seen being distributed by the following URL.

http://download.bleepingcomputer.com/dl/92befca9c16f02f67ac39aa45d648804/53d24c7e/windows/security/anti-virus/c/.../ComboFix.exe

Remove ComboFix.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.