data toñoxix.exe

The application data toñoxix.exe has been detected as a potentially unwanted program by 37 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Tok-Cirrhatus-4401’. While running, it connects to the Internet address unknown.prolexic.com on port 80 using the HTTP protocol.
MD5: 216b5c14a708971cc4255f9514e4fa22
SHA-1: f0450514eee1f5acccb1be8f4804207319ac88af
SHA-256: 9b01deeff2ee095231558d330cfbc1a851a0e83f7fe9c880b06b54dcb9068434
Scanner detections: 37 / 68
Status: Potentially unwanted
Analysis date: 5/21/2024 9:46:09 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Generic.269124 | 350
Agnitum Outpost | I-Worm.Brontok.Gen.2 | 7.1.1
AhnLab V3 Security | HEUR/Fakon.mwf | 2016.01.16
Avira AntiVirus | BDS/Agent.ZU | 8.3.2.4
Arcabit | Adware.Generic.D41B44 | 1.0.0.642
avast! | Win32:Brontok-CE [Wrm] | 2014.9-160219
AVG | I-Worm/Brontok | 2017.0.2828
Baidu Antivirus | Trojan.Win32.Obfuscator | 4.0.3.16219
Bitdefender | Adware.Generic.269124 | 1.0.20.250
Bkav FE | W32.BrontokQ | 1.3.0.7400
Clam AntiVirus | Worm.Brontok.AI | 0.98/21511
Comodo Security | Worm.Win32.Brontok.BX | 23976
Dr.Web | BackDoor.Generic.1138 | 9.0.1.050
Emsisoft Anti-Malware | Adware.Generic.269124 | 8.16.02.19.08
ESET NOD32 | Win32/Brontok.BX | 10.12878
F-Prot | W32/Brontok.DJ@mm | v6.4.7.1.166
F-Secure | Adware.Generic.269124 | 11.2016-19-02_6
G Data | Adware.Generic.269124 | 16.2.25
IKARUS anti.virus | Email-Worm.Win32.Brontok | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.212.18450
Kaspersky | Email-Worm.Win32.Brontok | 14.0.0.636
Malwarebytes | Trojan.Dropper | v2016.02.19.08
McAfee | W32/Rontokbro.gen@MM | 5600.6484
Microsoft Security Essentials | Worm:Win32/Brontok.AP@mm | 1.1.12400.0
MicroWorld eScan | Adware.Generic.269124 | 17.0.0.150
NANO AntiVirus | Trojan.Win32.Brontok.ppbk | 1.0.14.5380
Panda Antivirus | W32/Brontok.GS.worm | 16.02.19.08
Qihoo 360 Security | Malware.Radar01.Gen | 1.0.0.1077
Quick Heal | W32.Brontok.Q | 2.16.14.00
Rising Antivirus | PE:Trojan.Win32.Mnless.dyr!1442186 [F] | 23.00.65.16217
Sophos | W32/Brontok-N | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-SV | 9313
Trend Micro House Call | WORM_RONTKBR.GEN | 7.2.50
Trend Micro | WORM_RONTKBR.GEN | 10.465.19
Vba32 AntiVirus | OScope.Trojan.VB.01849 | 3.12.26.4
VIPRE Antivirus | Email-Worm.Win32.Brontok.ik | 46542
Zillya! Antivirus | Worm.Brontok.Win32.1527 | 2.0.0.2613

File size: 44.4 KB (45,464 bytes)
File type: Executable application (Win32 EXE)

File PE Metadata
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.12
CTPH (ssdeep): 768:oEO/hm3rHuOxl7bTMGuWw5RRhA1AIgPXllcSn3mRmgq5dBbsbDICv35BMCB:F+hm3rHjTc9W8S1AI+1ln2R9qJ4bZ5N
Entry address: 0x30F7F
Entry point: E9, D0, F1, FC, FF, 0C, 60, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 56, 0F, 03, 00, 0C, 60, 02, 00...
Packer / compiler: RLPack FullEdition V1.1X
Code size: 512 Bytes (512 bytes)

Startup File (User Run)
Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: Tok-Cirrhatus-4401
Command: "C:\users\{user}\appdata\local\br9825on.exe"

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP): Connects to unknown.prolexic.com (72.52.4.121:80)

Powered by Reason Core Security