hbpzabffmyx.exe

The executable hbpzabffmyx.exe has been detected as malware by 2 of 68 anti-virus scanners. It installs itself as a Windows service with the display name "Log Gateway DCOM Windows Scheduler". While running, it connects over HTTP to lcbh-jhwr.accessdomain.com (72.47.236.199) on TCP port 80. Because signature coverage for this hash was low at analysis time, the service name, the file path and the network indicators below are more useful for hunting than the AV verdict alone.
MD5:
85b7511753499470b303b6a9fb7291b4

SHA-1:
68b63b87265d9c0bc49966aafec40c03a80d0ed2

SHA-256:
a11a8cf9a5c94e5965a1c08445a8c8b8d026d69b52755170b0d2df68efe3e94b

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
12/16/2018 5:01:31 PM UTC

Scan engine   Detection                    Engine version
Dr.Web        Trojan.DownLoader23.32321    9.0.1.05190
ESET NOD32    Win32/Bayrob.BL trojan       6.3.12010.0

File size:
1 MB (1,076,224 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\hbpzabffmyx.exe

File PE Metadata
Compilation timestamp:
8/11/2013 11:51:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0xCD38C

Entry point:
E8, BC, 9E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 28, 00, 4F, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 2C, 00, 4F, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, A5, 3C, 00, 00, 85, C0, 75, 06, B8, 90, 01, 4F, 00, C3, 83, C0, 08, C3, E8, 92, 3C, 00, 00, 85, C0, 75, 06, B8, 94, 01, 4F, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...

Entropy:
7.0609

Code size:
923.5 KB (945,664 bytes)
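The metadata fields above (compilation timestamp, OS version, subsystem, linker version, entry address, code size) all come from the COFF and optional headers of the PE file, and the entropy value is the Shannon entropy of the file bytes. Linker version 10.0 is Visual Studio 2010, and the entry bytes E8 .. E9 .. (a call followed by a jmp) are consistent with the stock MSVC CRT startup stub of that toolchain. The following script, an added example that is not code from the original page or from Reason Core Security, shows how those fields are read with only the standard library, checks a file's digests against the three hashes listed on this page, and computes the entropy. The header image produced by build_sample_pe() is constructed to carry the page's values and is not the real sample; the assumption that the timestamp is displayed in UTC is marked in the code.

```python
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Hashes exactly as listed on the page for hbpzabffmyx.exe.
IOC_HASHES = {
    "md5": "85b7511753499470b303b6a9fb7291b4",
    "sha1": "68b63b87265d9c0bc49966aafec40c03a80d0ed2",
    "sha256": "a11a8cf9a5c94e5965a1c08445a8c8b8d026d69b52755170b0d2df68efe3e94b",
}

# IMAGE_SUBSYSTEM_* values from the PE specification (only the common ones).
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def fingerprint(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of the bytes as lower-case hex, the way the report lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_ioc(data: bytes) -> bool:
    """True when any digest of the bytes equals the page's listed digest."""
    fp = fingerprint(data)
    return any(fp[algo] == digest for algo, digest in IOC_HASHES.items())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0; values above ~7 usually mean a packed or encrypted payload."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe_metadata(data: bytes) -> dict:
    """Read the COFF and optional-header fields that the report exposes (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    _machine, _nsect, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, major_linker, minor_linker = struct.unpack_from("<HBB", data, opt)
    code_size = struct.unpack_from("<I", data, opt + 4)[0]          # SizeOfCode
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]         # AddressOfEntryPoint
    major_os, minor_os = struct.unpack_from("<HH", data, opt + 40)  # MajorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]         # Subsystem
    return {
        # The report shows a wall-clock time; interpreting it as UTC is an assumption here.
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc),
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, "unknown"),
        "os_version": f"{major_os}.{minor_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{major_linker}.{minor_linker}",
        "entry_rva": entry_rva,
        "code_size": code_size,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header carrying the page's metadata values; NOT the real sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows the DOS header
    ts = int(datetime(2013, 8, 11, 23, 51, 45, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 224, 0x0102)  # i386, 3 sections, EXE
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 10, 0)  # PE32, linker 10.0 (Visual Studio 2010)
    struct.pack_into("<I", opt, 4, 945664)          # SizeOfCode as reported
    struct.pack_into("<I", opt, 16, 0xCD38C)        # AddressOfEntryPoint as reported
    struct.pack_into("<HH", opt, 40, 5, 1)          # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)              # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_pe()
    print(parse_pe_metadata(sample))
    print("hash IOC match:", matches_ioc(sample))
    print("entropy of header-only sample: %.4f" % shannon_entropy(sample))
```

To run it against a quarantined copy, read the file with open(path, "rb").read() and pass the bytes to parse_pe_metadata(), matches_ioc() and shannon_entropy(). A hash match is conclusive for this exact build only; a repacked variant keeps the same service name and C2 hosts but none of the three digests, which is why the entropy and header fields are worth recording alongside the hashes.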

Service
Display name:
Log Gateway DCOM Windows Scheduler

Type:
Win32OwnProcess, InteractiveProcess


The executing file has been observed making the following network connections in live environments. Note that most of the destinations are shared or cloud hosting addresses (EC2, secureserver.net, kundenserver.de, siteground.com, rzone.de and similar), so the hostname and IP should be matched together rather than blocking the bare IP.

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.122:80)

TCP (HTTP):
Connects to zebra530.startdedicated.com  (188.138.106.129:80)

TCP (HTTP):
Connects to ns2.appservhosting.com  (150.107.31.42:80)

TCP (HTTP):
Connects to no16.dothost.co.kr  (211.247.239.26:80)

TCP (HTTP):
Connects to ip234.208-100-26.static.steadfastdns.net  (208.100.26.234:80)

TCP (HTTP):
Connects to ec2-107-21-50-45.compute-1.amazonaws.com  (107.21.50.45:80)

TCP (HTTP):
Connects to perfora.net  (216.250.120.226:80)

TCP (HTTP):
Connects to HKCLOUDN08-930  (122.10.97.107:80)

TCP (HTTP):
Connects to prhsinc.com  (143.95.238.2:80)

TCP (HTTP):
Connects to 216-185-144-185.aus.us.siteprotect.com  (216.185.144.185:80)

TCP (HTTP):
Connects to w8e.rzone.de  (81.169.145.94:80)

TCP (HTTP):
Connects to tammy.timeweb.ru  (92.53.98.44:80)

TCP (HTTP):
Connects to sv360.xserver.jp  (219.94.203.61:80)

TCP (HTTP):
Connects to mail.pointgreen.com  (47.190.5.3:80)

TCP (HTTP):
Connects to lcbh-jhwr.accessdomain.com  (72.47.236.199:80)

TCP (HTTP):
Connects to kundenserver.de  (217.160.122.131:80)

TCP (HTTP):
Connects to ip-77-104-146-26.siteground.com  (77.104.146.26:80)

TCP (HTTP):
Connects to hosting01.secureserver.net  (63.241.136.151:80)

TCP (HTTP):
Connects to fra5.networkpanda.com  (91.134.167.194:80)

TCP (HTTP):
Connects to 93-89-226-17.fbs.com.tr  (93.89.226.17:80)
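The hostname/IP pairs above are the page's network indicators, and the service display name and file path earlier on the page are its host indicators. The script below, an added example and not code from the original page or from Reason Core Security, runs the network indicators over proxy log lines and grades each hit: a connection whose HTTP Host header and destination IP both match is high priority, a Host-only match is medium, and an IP-only match is low because the listed addresses belong to shared hosting providers that also serve unrelated sites. The log line format and the sample lines are constructed for the example; the field order and the priority labels are assumptions, not a format the page documents.

```python
import re
from typing import Iterable

# Hostname -> IP pairs exactly as listed on the page under "network communications".
IOC_HOSTS = {
    "unknown.prolexic.com": "72.52.4.122",
    "zebra530.startdedicated.com": "188.138.106.129",
    "ns2.appservhosting.com": "150.107.31.42",
    "no16.dothost.co.kr": "211.247.239.26",
    "ip234.208-100-26.static.steadfastdns.net": "208.100.26.234",
    "ec2-107-21-50-45.compute-1.amazonaws.com": "107.21.50.45",
    "perfora.net": "216.250.120.226",
    "HKCLOUDN08-930": "122.10.97.107",
    "prhsinc.com": "143.95.238.2",
    "216-185-144-185.aus.us.siteprotect.com": "216.185.144.185",
    "w8e.rzone.de": "81.169.145.94",
    "tammy.timeweb.ru": "92.53.98.44",
    "sv360.xserver.jp": "219.94.203.61",
    "mail.pointgreen.com": "47.190.5.3",
    "lcbh-jhwr.accessdomain.com": "72.47.236.199",
    "kundenserver.de": "217.160.122.131",
    "ip-77-104-146-26.siteground.com": "77.104.146.26",
    "hosting01.secureserver.net": "63.241.136.151",
    "fra5.networkpanda.com": "91.134.167.194",
    "93-89-226-17.fbs.com.tr": "93.89.226.17",
}
IOC_IPS = {ip: host for host, ip in IOC_HOSTS.items()}
IOC_HOSTS_LC = {host.lower(): ip for host, ip in IOC_HOSTS.items()}

# Host indicators from the page, for pivoting from a flagged client to the endpoint.
SERVICE_DISPLAY_NAME = "Log Gateway DCOM Windows Scheduler"
COMMON_PATH = r"C:\windows\hbpzabffmyx.exe"

# Assumed proxy log line format (constructed for this example):
#   <ISO timestamp> <client ip> <destination ip>:<port> <HTTP Host header>
LINE_RE = re.compile(r"^(\S+) (\S+) (\d{1,3}(?:\.\d{1,3}){3}):(\d+) (\S+)$")

# Both indicators matching is the strongest signal; an IP-only hit on shared hosting is weak.
PRIORITY = {("host", "ip"): "high", ("host",): "medium", ("ip",): "low"}


def classify(dest_ip: str, host: str) -> tuple:
    """Which of the page's indicators a connection matches: ('host', 'ip'), ('host',), ('ip',) or ()."""
    matched = []
    if host.lower() in IOC_HOSTS_LC:
        matched.append("host")
    if dest_ip in IOC_IPS:
        matched.append("ip")
    return tuple(matched)


def scan_proxy_log(lines: Iterable[str]) -> list:
    """Return one dict per matching line; malformed lines are skipped rather than aborting the hunt."""
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, client, dest_ip, port, host = m.groups()
        matched = classify(dest_ip, host)
        if not matched:
            continue
        hits.append({
            "timestamp": ts,
            "client": client,
            "dest": f"{dest_ip}:{port}",
            "host": host,
            "matched": matched,
            "priority": PRIORITY[matched],
            # The page's indicator this hit corresponds to (listed hostname for IP-only hits).
            "indicator": IOC_IPS.get(dest_ip) or host,
            # The sample was only seen using port 80; anything else is worth a second look.
            "port_as_observed": port == "80",
        })
    return hits


def clients_to_inspect(hits: list) -> list:
    """Clients with a high or medium hit; check these for the service name and file path."""
    return sorted({h["client"] for h in hits if h["priority"] in ("high", "medium")})


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2018-12-16T17:01:31Z 10.0.0.5 72.47.236.199:80 lcbh-jhwr.accessdomain.com",
    "2018-12-16T17:02:10Z 10.0.0.7 107.21.50.45:80 www.example.com",
    "2018-12-16T17:03:00Z 10.0.0.9 93.184.216.34:443 www.example.com",
    "2018-12-16T17:04:00Z 10.0.0.5 203.0.113.10:80 tammy.timeweb.ru",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_LOG)
    for h in found:
        print(h["priority"], h["client"], "->", h["host"], h["dest"], h["matched"])
    print("inspect for", repr(SERVICE_DISPLAY_NAME), "and", COMMON_PATH, "on:", clients_to_inspect(found))
```

On each client returned by clients_to_inspect(), confirm the infection from the host side: look for a service whose display name is "Log Gateway DCOM Windows Scheduler" and for the file at C:\windows\hbpzabffmyx.exe (the path and the service name are the page's indicators; the binary name is random, so a variant may use a different filename under the same service name).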

Remove hbpzabffmyx.exe - Powered by Reason Core Security