» http-__pf.benjaminstrahs.com_s_1462547368_en_2_3_231028-1800528-moborobo.exe
Overview
Analysis
File Details
Downloads (2)

http-__pf.benjaminstrahs.com_s_1462547368_en_2_3_231028-1800528-moborobo.exe

File name:

MD5:

714e18ccf0f771deabe1d52b208ce418

SHA-1:

eb51d4b8fa1cf7c820cd9dd246027d9586f0cad3

SHA-256:

9322535205b123f7c82f95c4868d2e03a19f01f0ca66f48abc86ea983c23a4b8

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 1:53:43 PM UTC (today)

File size:

2.9 KB (2,988 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\users\{user}\downloads\programs\http-__pf.benjaminstrahs.com_s_1462547368_en_2_3_231028-1800528-moborobo.exe

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

48:p/CFdsXoRGtCkCXNOAt04uVxep4Y04TEWM:ozs4pddV04ufs4TNWM

Entry point:

3C, 21, 44, 4F, 43, 54, 59, 50, 45, 20, 68, 74, 6D, 6C, 3E, 0A, 3C, 68, 74, 6D, 6C, 3E, 0A, 0A, 3C, 68, 65, 61, 64, 3E, 0A, 20, 20, 20, 20, 3C, 6D, 65, 74, 61, 20, 63, 68, 61, 72, 73, 65, 74, 3D, 22, 75, 74, 66, 2D, 38, 22, 3E, 0A, 20, 20, 20, 20, 3C, 6C, 69, 6E, 6B, 20, 72, 65, 6C, 3D, 22, 73, 68, 6F, 72, 74, 63, 75, 74, 20, 69, 63, 6F, 6E, 22, 20, 74, 79, 70, 65, 3D, 22, 69, 6D, 61, 67, 65, 2F, 78, 2D, 69, 63, 6F, 6E, 22, 20, 68, 72, 65, 66, 3D, 22, 66, 61, 76, 69, 63, 6F, 6E, 2E, 69, 63, 6F, 22, 3E, 0A... 
[+]

Entropy:

4.5928

The file http-__pf.benjaminstrahs.com_s_1462547368_en_2_3_231028-1800528-moborobo.exe has been seen being distributed by the following 2 URLs.

http://bitlord.searchmgr.com/?aflt=btlrd&dl=http://www.cleanchucklemeta.com/c?x=MseRNkaReey3rjE5upy25noXQk31ZxdkleGNEUmb2n4=&c=ZZ/M6kA4paynh/69v9kzmI7Cs/0DC6hJ/nx37jNdco5XVTrhrKBU77DVqJlfKclxQSo9MPTk5l+fwf68ONAiFxvBx/Cl6sK/wFDoRE47NlJHq8KmwAJM4rksW1QDRwcVgqa9iTLKcHmvsm0ElYbUIBNnP8j2AOoL6LbuLP5al1PVu4q//0hENoGc1kb2sF+W&e=0&downloadAs=BitlordSetup.exe&fallback_url=http://www.bitlord.com/windows/BitLordSetup.exe&c=bTVK4Wxzt3uoVGrPC/H/.../ x8V7AfJRIRjwGqNHw0mqQKhCjQmr d0g0=&page_flv=reg&ts=1463666315299

http://ext.srchmgr.com/?aflt=instlmtrx&dl=http://www.vaultsconceptsapps.com/c?x=eNXG5Qks8eZLGPhxubFG4ix7Z C/wRXBGHcuS61Mq6A=&c=ll9Hjgh0FB5H8NzsfHyF2dFXN83xIvSoJC4LhNanhk70B79Gf5aPwp5RK dAIl9jGDEJX/n1C2ewHGtty mJYjeJShUH6RFZYNLwmraPu/w3C4Cc3h/32oYX1oDQ8PS4o1aNrz5DRppnqx 5BKuDP91bXYSEICjbyjvdRep4O4s=&e=0&downloadAs=Minecraft_Game_Downloader.exe&fallback_url=http://piroga.space/pages/inst/IMINTch.html&c=n5WOigasoGV/9p4K8yktbzbRcjIHT1Lj qDaNi/.../c=&page_flv=reg&ts=1466272391370

Scan http-__pf.benjaminstrahs.com_s_1462547368_en_2_3_231028-1800528-moborobo.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.