empty.pif

The file empty.pif has been detected as malware by 39 of 68 anti-virus scanners. While running, it connects to the Internet address unknown.prolexic.com on port 80 over HTTP.
MD5:
cd72fcb67e9d1110051f474416c424ef

SHA-1:
877f9ae1ddd6643bc3ac53719f3fb86a7daa1e02

SHA-256:
48704b29fc3bd885774b60d83d4351304b64010f18a9d4666f4cb23077663aa0

Scanner detections:
39 / 68

Status:
Malware

Analysis date:
5/22/2024 12:09:48 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Brontok.NB | 1116
Agnitum Outpost | I-Worm.Brontok | 7.1.1
AhnLab V3 Security | Win32/Brontok.worm.49152.G | 2014.01.05
Avira AntiVirus | Worm/Brontok.W.14 | 7.11.123.152
avast! | Win32:Brontok-CE [Wrm] | 2014.9-140114
AVG | I-Worm/Brontok.X | 2015.0.3594
Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.14114
Bitdefender | Win32.Brontok.NB | 1.0.20.70
Bkav FE | W32.BrontokQ | 1.3.0.4613
Clam AntiVirus | Win.Worm.Brontok-18 | 0.98/22199
Comodo Security | Worm.Win32.Brontok.CO | 17556
Dr.Web | BackDoor.Generic.3162 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Brontok.NB | 8.14.01.14.01
ESET NOD32 | Win32/Brontok.CO worm | 6.3.12010.0
Fortinet FortiGate | W32/Brontok.C@mm | 1/14/2014
F-Prot | W32/Brontok.C.gen | 4.6.5.141
F-Secure | Win32.Brontok.NB | 11.2014-14-01_3
G Data | Win32.Brontok.NB | 14.1.22
IKARUS anti.virus | Email-Worm.Win32.Brontok | t3scan.2.2.29
K7 AntiVirus | EmailWorm | 13.175.10735
Kaspersky | Email-Worm.Win32.Brontok | 15.0.2.529
Malwarebytes | Trojan.Dropper | v2014.01.14.01
McAfee | W32/Rontokbro.gen@MM | 5600.7250
Microsoft Security Essentials | Worm:Win32/Brontok.W@mm | 1.165.247.01
MicroWorld eScan | Win32.Brontok.NB | 15.0.0.42
NANO AntiVirus | Trojan.Win32.Alman.btuxjj | 0.28.0.57029
Norman | Rontokbro | 11.20140114
nProtect | Trojan/W32.Agent.45435 | 14.01.03.01
Panda Antivirus | W32/Brontok.N.worm | 14.01.14.01
Quick Heal | W32.Brontok.Q | 1.14.12.00
Rising Antivirus | PE:Trojan.Win32.Generic.129094C9!311465161 | 23.00.65.14112
Sophos | W32/Brontok-Gen | 4.96
SUPERAntiSpyware | Trojan.Unknown Origin | 10846
Total Defense | Win32/Robknot.AK | 37.0.10498
Trend Micro House Call | WORM_RONTOK.EO | 7.2.14
Trend Micro | WORM_RONTOK.EO | 10.465.14
Vba32 AntiVirus | Email-Worm.Brontok | 3.12.24.3
VIPRE Antivirus | Email-Worm.Win32.Brontok.a | 25108
ViRobot | I-Worm.Win32.Brontok.45435 | 2011.4.7.4223

File size:
44.4 KB (45,435 bytes)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\empty.pif

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
768:l6r/0pcM8cJZZD673K383EJBZ4BQTbfqBWV5WV4Pv35BMCl:8bEcM84g3IEIZ4BQ3fqBWy2X5h

User Start Menu Item
Name:
Empty.pif


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ir2.fp.vip.ir2.yahoo.com  (46.228.47.114:443)

TCP (HTTP SSL):
Connects to ats.sbs.vip.dc11.lumsb.com  (8.12.146.61:443)

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.121:80)

Powered by Reason Core Security