empty.pif
The file empty.pif has been detected as malware by 39 anti-virus scanners. While running, it connects to the Internet address unknown.prolexic.com on port 80 using the HTTP protocol.
MD5:
cd72fcb67e9d1110051f474416c424ef
SHA-1:
877f9ae1ddd6643bc3ac53719f3fb86a7daa1e02
SHA-256:
48704b29fc3bd885774b60d83d4351304b64010f18a9d4666f4cb23077663aa0
Scanner detections:
39 / 68
Analysis date:
5/22/2024 12:09:48 AM UTC (today)
Scan engine
Detection
Engine version
Lavasoft Ad-Aware
Win32.Brontok.NB
1116
Agnitum Outpost
I-Worm.Brontok
7.1.1
AhnLab V3 Security
Win32/Brontok.worm.49152.G
2014.01.05
Avira AntiVirus
Worm/Brontok.W.14
7.11.123.152
avast!
Win32:Brontok-CE [Wrm]
2014.9-140114
AVG
I-Worm/Brontok.X
2015.0.3594
Baidu Antivirus
Trojan.Win32.Agent
4.0.3.14114
Bitdefender
Win32.Brontok.NB
1.0.20.70
Bkav FE
W32.BrontokQ
1.3.0.4613
Clam AntiVirus
Win.Worm.Brontok-18
0.98/22199
Comodo Security
Worm.Win32.Brontok.CO
17556
Dr.Web
BackDoor.Generic.3162
9.0.1.05190
Emsisoft Anti-Malware
Win32.Brontok.NB
8.14.01.14.01
ESET NOD32
Win32/Brontok.CO worm
6.3.12010.0
Fortinet FortiGate
W32/Brontok.C@mm
1/14/2014
F-Prot
W32/Brontok.C.gen
4.6.5.141
F-Secure
Win32.Brontok.NB
11.2014-14-01_3
G Data
Win32.Brontok.NB
14.1.22
IKARUS anti.virus
Email-Worm.Win32.Brontok
t3scan.2.2.29
K7 AntiVirus
EmailWorm
13.175.10735
Kaspersky
Email-Worm.Win32.Brontok
15.0.2.529
Malwarebytes
Trojan.Dropper
v2014.01.14.01
McAfee
W32/Rontokbro.gen@MM
5600.7250
Microsoft Security Essentials
Worm:Win32/Brontok.W@mm
1.165.247.01
MicroWorld eScan
Win32.Brontok.NB
15.0.0.42
NANO AntiVirus
Trojan.Win32.Alman.btuxjj
0.28.0.57029
Norman
Rontokbro
11.20140114
nProtect
Trojan/W32.Agent.45435
14.01.03.01
Panda Antivirus
W32/Brontok.N.worm
14.01.14.01
Quick Heal
W32.Brontok.Q
1.14.12.00
Rising Antivirus
PE:Trojan.Win32.Generic.129094C9!311465161
23.00.65.14112
Sophos
W32/Brontok-Gen
4.96
SUPERAntiSpyware
Trojan.Unknown Origin
10846
Total Defense
Win32/Robknot.AK
37.0.10498
Trend Micro House Call
WORM_RONTOK.EO
7.2.14
Trend Micro
WORM_RONTOK.EO
10.465.14
Vba32 AntiVirus
Email-Worm.Brontok
3.12.24.3
VIPRE Antivirus
Email-Worm.Win32.Brontok.a
25108
ViRobot
I-Worm.Win32.Brontok.45435
2011.4.7.4223
File size:
44.4 KB (45,435 bytes)
Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\empty.pif
CTPH (ssdeep):
768:l6r/0pcM8cJZZD673K383EJBZ4BQTbfqBWV5WV4Pv35BMCl:8bEcM84g3IEIZ4BQ3fqBWy2X5h
The executing file has been seen to make the following network communications in live environments.