febacpacjofe.exe

The executable febacpacjofe.exe has been detected as malware by 26 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘febacpacjofe’. While running, it connects to the Internet address ht1.domain4all.nl on port 80 using the HTTP protocol.
MD5:
0070a4a0b04b24132409b455f4ca56de

SHA-1:
24238c8ab2d8f37956ff471f2a6a7d5e3fcc16a7

SHA-256:
3d109d7decdbe184da8de6c37e16f802e0c0d8d7b83a1b60769439b20687db62

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
4/25/2024 11:19:36 PM UTC

Scan engine                    | Detection                     | Engine version
-------------------------------+-------------------------------+----------------
Lavasoft Ad-Aware              | Gen:Variant.Kazy.641950       | 366
Agnitum Outpost                | Trojan.Agentb                 | 7.1.1
AhnLab V3 Security             | Trojan/Win32.Jorik            | 2015.08.17
Avira AntiVirus                | TR/Crypt.XPACK.Gen            | 8.3.1.6
Arcabit                        | Trojan.Kazy.D9CB9E            | 1.0.0.425
avast!                         | Win32:Malware-gen             | 2014.9-160204
AVG                            | Agent                         | 2017.0.2844
Bitdefender                    | Gen:Variant.Kazy.641950       | 1.0.20.175
Bkav FE                        | W32.FebackA.Trojan            | 1.3.0.7062
Dr.Web                         | Trojan.MulDrop3.14959         | 9.0.1.035
Emsisoft Anti-Malware          | Gen:Variant.Kazy.641950       | 8.16.02.04.03
ESET NOD32                     | Win32/Kryptik.CJDR (variant)  | 10.12104
Fortinet FortiGate             | W32/Generic.AC.1853206        | 2/4/2016
F-Secure                       | Gen:Variant.Kazy.641950       | 11.2016-04-02_5
G Data                         | Gen:Variant.Kazy.641950       | 16.2.25
IKARUS anti.virus              | Trojan.Win32.Agentb           | t3scan.1.9.5.0
Kaspersky                      | Trojan.Win32.Agentb           | 14.0.0.714
McAfee                         | GenericR-DUP!0070A4A0B04B     | 5600.6500
Microsoft Security Essentials  | Trojan:Win32/Dorv.A!rfn       | 1.1.11903.0
MicroWorld eScan               | Gen:Variant.Kazy.641950       | 17.0.0.105
NANO AntiVirus                 | Trojan.Win32.Agentb.dssjup    | 0.30.24.3079
Panda Antivirus                | Trj/Genetic.gen               | 16.02.04.03
Sophos                         | Mal/Generic-S                 | 4.98
SUPERAntiSpyware               | Trojan.Agent/Gen-Dropper      | 9345
Vba32 AntiVirus                | Trojan.Agentb                 | 3.12.26.4
VIPRE Antivirus                | Trojan.Win32.Generic          | 42960

File size:
74.3 KB (76,032 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\owner\febacpacjofe.exe

File PE Metadata
Compilation timestamp:
9/18/2006 2:07:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
768:u0m6VJUjv+mzmwezb9oGc1i7lpr6zCN/Rlbs4L5uJ+F71MlAketgjy2O9eYWbFgr:zviDzMpGzCTuwYADa5OWZzwfQ37GKEh

Entry address:
0x1000

Entry point:
33, C9, 51, E8, E2, 02, 00, 00, 50, 8F, 05, 9D, 34, B2, 00, C7, 05, F1, 34, B2, 00, 30, 00, 00, 00, C7, 05, F5, 34, B2, 00, 03, 00, 00, 00, C7, 05, F9, 34, B2, 00, 2F, 11, B2, 00, C7, 05, FD, 34, B2, 00, 00, 00, 00, 00, C7, 05, 01, 35, B2, 00, 00, 00, 00, 00, FF, 35, 9D, 34, B2, 00, 8F, 05, 05, 35, B2, 00, C7, 05, 11, 35, B2, 00, 06, 00, 00, 00, C7, 05, 15, 35, B2, 00, 00, 00, 00, 00, C7, 05, 19, 35, B2, 00, 74, 12, B2, 00, 68, 00, 7F, 00, 00, 6A, 00, E8, 3D, 02, 00, 00, A3, 09, 35, B2, 00, A3, 1D, 35, B2...

Entropy:
5.8057

Code size:
1,024 bytes

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
febacpacjofe

Command:
C:\users\owner\febacpacjofe.exe

The executing file has been seen to make the following network communications in live environments. Note that two of the destinations (sinkhole-01.sinkhole.tech and sinkhole.fitsec.com) are research sinkholes, so at least some of the domains this sample contacts had already been taken over by researchers when these observations were recorded; traffic to those hosts indicates an attempted command-and-control contact rather than a live operator.

TCP (HTTP) connections observed:
  sinkhole-01.sinkhole.tech (95.211.174.92:80)
  62-210-140-158.rev.poneytelecom.eu (62.210.140.158:80)
  xaicom.net (85.214.214.113:80)
  redirect-v225.secureserver.net (184.168.47.225:80)
  ht1.domain4all.nl (178.250.193.121:80)
  cluster011.ovh.net (213.186.33.40:80)
  ora.ecnet.jp (118.23.162.86:80)
  ec2-52-1-32-25.compute-1.amazonaws.com (52.1.32.25:80)
  ec2-52-0-227-11.compute-1.amazonaws.com (52.0.227.11:80)
  58-129-15-185.ivolea.com (185.15.129.58:80)
  perfora.net (74.208.215.199:80)
  cluster006.ovh.net (213.186.33.17:80)
  ams93-rev.netart.pl (85.128.201.93:80)
  157-7-107-101.virt.lolipop.jp (157.7.107.101:80)
  unknown.prolexic.com (72.52.4.120:80)
  sv803.xserver.jp (157.112.176.4:80)
  ec2-52-204-129-22.compute-1.amazonaws.com (52.204.129.22:80)
  sinkhole.fitsec.com (193.166.255.171:80)
  sandiego.ar01.host47.scalematrix.net (199.73.55.48:80)
  mail.elpro.si (193.77.149.5:80)

Remove febacpacjofe.exe - Powered by Reason Core Security