darkorbit-bot.exe

AutoHotkey_H

The executable darkorbit-bot.exe, “AutoHotkey_H Unicode 32-bit”, has been detected as malware by 4 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dla.uloz.to.
Product:
AutoHotkey_H

Description:
AutoHotkey_H Unicode 32-bit

Version:
1.1.16.05

MD5:
d1fb117e0033f650fcaf6e4ddba71343

SHA-1:
e2374b75aa9a432f6efe19b4ac12d7c1079f94c4

SHA-256:
eb82b257fdf2bfa93961a49f1d14883ef40a984033c72016b089c5799c865163

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
4/19/2024 3:54:31 PM UTC

Scan engine      Detection                           Engine version
Bkav FE          HW32.Packed                         1.3.0.7383
Comodo Security  TrojWare.Win32.Trojan.Banker.~d08   23772
Dr.Web           Trojan.DownLoader11.48403           9.0.1.05190
ESET NOD32       Detection.Undefined                 7.0.302.0

File size:
544 KB (557,056 bytes)

Product version:
1.1.16.05

Copyright:
Copyright (C) 2012

Original file name:
AutoHotkey.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\darkorbit-bot.exe

File PE Metadata
Compilation timestamp:
10/27/2014 8:24:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:NJ47FDrSMUh6+bfm5Gl4EUHRv/NcwZO2Pi3Bc0jrD:z47FFRkm5lHh/NS2PI

Entry address:
0x11FB01

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 9E, 02, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 74, 05, 88, 04, 31, EB, F4, 88, 04, 31, 8B, D6, 8B, CF, E8, 56, 00, 00, 00, 5E, 5A, 83, EA, 05, 2B, C9, 3B, CA, 73, 26, 8B, D9, AC, 41, 24, FE, 3C, E8, 75, F2, 43, 83, C1, 04, AD, 0B, C0, 78, 06, 3B, C2, 73, E5, EB, 06, 03, C3, 78, DF, 03, C2, 2B, C3, 89, 46, FC, EB, D6, E8, 00, 00, 00, 00, 5F, 81, C7, 8D, FF, FF, FF, B0, E9, AA, B8, 9A, 02...
 

Packer / compiler:
ASPack v1.08.04

Code size:
761 KB (779,264 bytes)

The file darkorbit-bot.exe has been seen being distributed by the following URL.
