dubrute.exe

The application dubrute.exe has been detected as a potentially unwanted program by 33 anti-malware scanners. While running, it connects to the Internet address b1c281ec.virtua.com.br on port 3389.
MD5: e4c2764b4bf6395365b34414d5e7cdf5
SHA-1: 6078eef90dc6c949f99586bc65e9dfc34bc4a042
SHA-256: 7175d69f1b0300e62b508506c10abd3d2de60c5e05c7339d3472508e2fe033ae
Scanner detections: 33 / 68
Status: Potentially unwanted
Analysis date: 4/24/2024 11:49:22 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Brute.B | 1017 |
| Agnitum Outpost | HackTool.BruteForce | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Bruteforce.294912 | 14.04.24 |
| Avira AntiVirus | SPR/Tool.Brute.B.5 | 7.11.144.178 |
| avast! | Win32:HackTool-FJ [PUP] | 2014.9-140424 |
| AVG | HackTool | 2015.0.3495 |
| Baidu Antivirus | HackTool.Win32.BruteForce | 4.0.3.14424 |
| Bitdefender | Application.Brute.B | 1.0.20.570 |
| Bkav FE | W32.Clodf6d.Trojan | 1.3.0.4959 |
| Clam AntiVirus | Win.Trojan.Hacktool-816 | 0.98/18355 |
| Comodo Security | UnclassifiedMalware | 18149 |
| Dr.Web | Tool.Bruteforce.97 | 9.0.1.0114 |
| ESET NOD32 | Win32/HackTool.BruteForce.AC (variant) | 8.9707 |
| F-Secure | Application.Brute.B | 11.2014-24-04_5 |
| G Data | Application.Brute | 14.4.24 |
| IKARUS anti.virus | HackTool.Win32.BruteForce | t3scan.1.6.1.0 |
| K7 AntiVirus | Hacktool | 13.176.11847 |
| Kaspersky | HackTool.Win32.BruteForce | 14.0.0.3969 |
| Malwarebytes | PUP.HackTool.BruteForce | v2014.04.24.06 |
| McAfee | RDN/Generic PUP.z!dv | 5600.7151 |
| Microsoft Security Essentials | HackTool:Win32/DUBrute.A | 1.10502 |
| MicroWorld eScan | Application.Brute.B | 15.0.0.342 |
| NANO AntiVirus | Trojan.Win32.BruteForce.vssyx | 0.28.0.59492 |
| nProtect | Trojan/W32.Agent.294912.VE | 14.04.22.01 |
| Panda Antivirus | Generic Malware | 14.04.24.06 |
| Qihoo 360 Security | Win32/Trojan.b7f | 1.0.0.1015 |
| Quick Heal | HackTool.BruteForce.xl (Not a Virus) | 4.14.12.00 |
| Rising Antivirus | PE:HackTool.DUBrute!1.9F85 | 23.00.65.14422 |
| Sophos | DUBrute | 4.98 |
| SUPERAntiSpyware | Hacktool/BruteForce | 10646 |
| Trend Micro House Call | TROJ_SPNR.29G513 | 7.2.114 |
| Trend Micro | TROJ_SPNR.29G513 | 10.465.24 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 28494 |

File size: 288 KB (294,912 bytes)
File type: Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp: 1/13/2012 2:27:43 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 6144:U8OYtRb9AceH+cgLfyw9Ekzq1HjYpVxjjifSHvOujMSxSjR8bkH:PRCcQGmYb
Entry address: 0x230B6

Entry point:
55, 8B, EC, 6A, FF, 68, B0, 6A, 42, 00, 68, B0, 30, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 0C, 52, 42, 00, 59, 83, 0D, 28, 2B, 44, 00, FF, 83, 0D, 2C, 2B, 44, 00, FF, FF, 15, 08, 52, 42, 00, 8B, 0D, 1C, 2B, 44, 00, 89, 08, FF, 15, 04, 52, 42, 00, 8B, 0D, 18, 2B, 44, 00, 89, 08, A1, 00, 52, 42, 00, 8B, 00, A3, 24, 2B, 44, 00, E8, 89, BE, FE, FF, 39, 1D, 30, 28, 44, 00, 75, 0C, 68, AB, EF, 40, 00, FF, 15, FC, 51...
 

Entropy: 6.4539
Developed / compiled with: Microsoft Visual C++ v6.0
Code size: 144 KB (147,456 bytes)

The executing file has been seen to make the following network communications in live environments.
