data toñoxix.exe
The application data toñoxix.exe has been detected as a potentially unwanted program by 37 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Tok-Cirrhatus-4401’. While running, it connects to the Internet address unknown.prolexic.com on port 80 using the HTTP protocol.
File name: data toñoxix.exe
MD5: 216b5c14a708971cc4255f9514e4fa22
SHA-1: f0450514eee1f5acccb1be8f4804207319ac88af
SHA-256: 9b01deeff2ee095231558d330cfbc1a851a0e83f7fe9c880b06b54dcb9068434
Analysis
Scanner detections: 37 / 68
Status: Potentially unwanted
Analysis date: 5/21/2024 9:46:09 AM UTC
Scan engine                   | Detection                              | Engine version
Lavasoft Ad-Aware             | Adware.Generic.269124                  | 350
Agnitum Outpost               | I-Worm.Brontok.Gen.2                   | 7.1.1
AhnLab V3 Security            | HEUR/Fakon.mwf                         | 2016.01.16
Avira AntiVirus               | BDS/Agent.ZU                           | 8.3.2.4
Arcabit                       | Adware.Generic.D41B44                  | 1.0.0.642
avast!                        | Win32:Brontok-CE [Wrm]                 | 2014.9-160219
AVG                           | I-Worm/Brontok                         | 2017.0.2828
Baidu Antivirus               | Trojan.Win32.Obfuscator                | 4.0.3.16219
Bitdefender                   | Adware.Generic.269124                  | 1.0.20.250
Bkav FE                       | W32.BrontokQ                           | 1.3.0.7400
Clam AntiVirus                | Worm.Brontok.AI                        | 0.98/21511
Comodo Security               | Worm.Win32.Brontok.BX                  | 23976
Dr.Web                        | BackDoor.Generic.1138                  | 9.0.1.050
Emsisoft Anti-Malware         | Adware.Generic.269124                  | 8.16.02.19.08
ESET NOD32                    | Win32/Brontok.BX                       | 10.12878
F-Prot                        | W32/Brontok.DJ@mm                      | v6.4.7.1.166
F-Secure                      | Adware.Generic.269124                  | 11.2016-19-02_6
G Data                        | Adware.Generic.269124                  | 16.2.25
IKARUS anti.virus             | Email-Worm.Win32.Brontok               | t3scan.1.9.5.0
K7 AntiVirus                  | Trojan                                 | 13.212.18450
Kaspersky                     | Email-Worm.Win32.Brontok               | 14.0.0.636
Malwarebytes                  | Trojan.Dropper                         | v2016.02.19.08
McAfee                        | W32/Rontokbro.gen@MM                   | 5600.6484
Microsoft Security Essentials | Worm:Win32/Brontok.AP@mm               | 1.1.12400.0
MicroWorld eScan              | Adware.Generic.269124                  | 17.0.0.150
NANO AntiVirus                | Trojan.Win32.Brontok.ppbk              | 1.0.14.5380
Panda Antivirus               | W32/Brontok.GS.worm                    | 16.02.19.08
Qihoo 360 Security            | Malware.Radar01.Gen                    | 1.0.0.1077
Quick Heal                    | W32.Brontok.Q                          | 2.16.14.00
Rising Antivirus              | PE:Trojan.Win32.Mnless.dyr!1442186 [F] | 23.00.65.16217
Sophos                        | W32/Brontok-N                          | 4.98
SUPERAntiSpyware              | Trojan.Agent/Gen-SV                    | 9313
Trend Micro House Call        | WORM_RONTKBR.GEN                       | 7.2.50
Trend Micro                   | WORM_RONTKBR.GEN                       | 10.465.19
Vba32 AntiVirus               | OScope.Trojan.VB.01849                 | 3.12.26.4
VIPRE Antivirus               | Email-Worm.Win32.Brontok.ik            | 46542
Zillya! Antivirus             | Worm.Brontok.Win32.1527                | 2.0.0.2613
File Details
File size: 44.4 KB (45,464 bytes)
File type: Executable application (Win32 EXE)
File PE Metadata
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.12
CTPH (ssdeep): 768:oEO/hm3rHuOxl7bTMGuWw5RRhA1AIgPXllcSn3mRmgq5dBbsbDICv35BMCB:F+hm3rHjTc9W8S1AI+1ln2R9qJ4bZ5N
Entry address: 0x30F7F
Entry point: E9, D0, F1, FC, FF, 0C, 60, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 56, 0F, 03, 00, 0C, 60, 02, 00...
Packer / compiler: RLPack FullEdition V1.1X
Code size: 512 Bytes (512 bytes)
Behaviors
Startup File (User Run)
Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: Tok-Cirrhatus-4401
Command: "C:\users\{user}\appdata\local\br9825on.exe"
Network Communications
The executing file has been seen to make the following network communication in live environments.
TCP (HTTP): Connects to unknown.prolexic.com (72.52.4.121:80)