» f7fb90b2dcee85e862f43119ae8cd822_0.npb
Overview
Analysis
File Details

f7fb90b2dcee85e862f43119ae8cd822_0.npb

The file f7fb90b2dcee85e862f43119ae8cd822_0.npb has been detected as malware by 28 anti-virus scanners.

File name:

MD5:

f7fb90b2dcee85e862f43119ae8cd822

SHA-1:

41768395def311fadfad6fa161a9bdbcf4f6130e

SHA-256:

2132d97461fdabcb0a049ef3d43d0ac280535dbb4cb87897538a20880e46b1cb

Scanner detections:

28 / 68

Status:

Malware

Analysis date:

4/23/2024 9:26:53 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Zusy.5304

6435775

Agnitum Outpost

TrojanSpy.Babonock

7.1.1

AhnLab V3 Security

HEUR/Fakon.mwf

2015.01.25

Avira AntiVirus

TR/Spy.Babonock.A.8

7.11.204.248

avast!

Win.Threat.Undefined

150102-1

AVG

Luhe.Fiha.A

2016.0.3219

Bitdefender

Gen:Variant.Zusy.5304

1.0.20.125

Bkav FE

W32.HfsAutoA

1.3.0.6379

Clam AntiVirus

Trojan.Babonock

0.98/19974

Dr.Web

Trojan.Siggen4.28479

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Zusy.5304

9.0.0.4799

F-Prot

W32/Trojan2.OBHC

4.6.5.141

F-Secure

Gen:Variant.Zusy.5304

5.13.68

G Data

Gen:Variant.Zusy.5304

15.1.24

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.8.6.0

K7 AntiVirus

Trojan

13.192.14746

Kaspersky

Trojan.Win32.Autoit

15.0.0.543

MicroWorld eScan

Gen:Variant.Zusy.5304

16.0.0.75

NANO AntiVirus

Trojan.Win32.Siggen4.brmdeh

0.30.0.64812

Norman

Gen:Variant.Zusy.5304

02.01.2015 13:58:24

Quick Heal

Trojan.Babnock.AZ5

1.15.14.00

Sophos

Virus 'Mal/Babonock-A'

5.09

Total Defense

Win32/FakeFLDR_i

37.0.11402

Trend Micro House Call

Mal_OtorunP

7.2.25

Trend Micro

Mal_OtorunP

10.465.25

Vba32 AntiVirus

TrojanSpy.AutoIt

3.12.26.3

VIPRE Antivirus

Threat.4657539

36666

Zillya! Antivirus

Trojan.Autoit.Win32.7101

2.0.0.2044

File size:

744.4 KB (762,311 bytes)

Common path:

C:\ProgramData\application data\net protector\npbkpn\f7fb90b2dcee85e862f43119ae8cd822_0.npb

File PE Metadata

Compilation timestamp:

1/18/2011 8:14:33 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:UTyjXW+48qWywrU4kGFezOAVuJ5PIGww7F5DO3HYffH:iIXW/8yw1ez54lIYF5SXYHH

Entry address:

0x7ADD4

Entry point:

E8, E8, 9C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 0C, 53, 57, 8B, 7D, 08, 33, DB, 3B, FB, 75, 18, E8, E9, 1F, 00, 00, C7, 00, 16, 00, 00, 00, E8, 8C, 1F, 00, 00, 83, C8, FF, E9, 65, 01, 00, 00, 56, 57, E8, 00, 84, 00, 00, 8B, F0, 59, 89, 75, F8, 39, 5F, 04, 7D, 03, 89, 5F, 04, 6A, 01, 53, 56, E8, AA, 9D, 00, 00, 83, C4, 0C, 89, 45, FC, 3B, C3, 0F, 8C, FB, 00, 00, 00, 8B, 57, 0C, F7, C2, 08, 01, 00, 00, 75, 08, 2B, 47, 04, E9, 25, 01, 00, 00, 8B, 07, 8B, 4F, 08, 8B, D8, 2B, D9, 89, 5D, F4... 
[+]

Entropy:

6.2809

Code size:

556.5 KB (569,856 bytes)

Remove f7fb90b2dcee85e862f43119ae8cd822_0.npb - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.