img61723.exe

The application img61723.exe has been detected as a potentially unwanted program by 32 anti-malware scanners. This is a setup program which is used to install the application. This is a trojan bot that uses IRC to communicate with a command-and-control network. The trojan drops other malicious software, opens a backdoor on the infected computer, and runs automatically on each boot. The file has been seen being downloaded from s3-sa-east-1.amazonaws.com.
MD5:
c9d76a9e71152221505bba9e25cc2ca8

SHA-1:
d560251de6d9045974b84412e0f31bbab60ea9f6

SHA-256:
ee1e0bee93c65f06034ea4f5932306b09d40be5f38df97ee4f51532abc058399

Scanner detections:
32 / 68

Status:
Potentially unwanted

Explanation:
Part of a backdoor IRC bot network.

Analysis date:
4/24/2024 11:05:12 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Symmi.41634 | 640 |
| Agnitum Outpost | Riskware.Themida | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Febipos | 2015.04.14 |
| avast! | Win32:Malware-gen | 2014.9-150506 |
| AVG | Generic10_c | 2016.0.3118 |
| Baidu Antivirus | Trojan.Win32.Adond | 4.0.3.1556 |
| Bitdefender | Gen:Variant.Symmi.41634 | 1.0.20.630 |
| Bkav FE | W32.HfsAutoB | 1.3.0.6379 |
| Comodo Security | UnclassifiedMalware | 21757 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.41634 | 8.15.05.06.07 |
| ESET NOD32 | Win32/Packed.Themida.ABF (variant) | 9.11468 |
| Fortinet FortiGate | PossibleThreat | 5/6/2015 |
| F-Prot | W32/S-260459de | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Symmi.41634 | 11.2015-06-05_4 |
| G Data | Gen:Variant.Symmi.41634 | 15.5.25 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.202.15581 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2084 |
| McAfee | Artemis!C9D76A9E7115 | 5600.6774 |
| Microsoft Security Essentials | Trojan:Win32/Febipos | 1.1.11502.0 |
| MicroWorld eScan | Gen:Variant.Symmi.41634 | 16.0.0.378 |
| NANO AntiVirus | Trojan.Win32.Adond.cznuvh | 0.30.16.1110 |
| Norman | Troj_Generic.TXZTR | 11.20150506 |
| Panda Antivirus | Trj/Genetic.gen | 15.05.06.07 |
| Qihoo 360 Security | Win32/Trojan.6ef | 1.0.0.1015 |
| Quick Heal | Trojan.Adond.r6 | 5.15.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_SPNR.03HP14 | 7.2.126 |
| Trend Micro | TROJ_SPNR.03HP14 | 10.465.06 |
| Vba32 AntiVirus | Trojan.Adond | 3.12.26.3 |
| VIPRE Antivirus | Backdoor.Win32.Ircbot.gen | 39322 |
| Zillya! Antivirus | Trojan.Adond.Win32.10586 | 2.0.0.2138 |

File size:
748 KB (765,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\img61723.exe

File PE Metadata
Compilation timestamp:
5/13/2014 10:52:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.23

CTPH (ssdeep):
12288:pvSaCrlLC6EZlKWKWBHoXp8whPe333oX0IfRjmeGEt6SJd/RGnpHBHP07:pDCrledZK+HEp8ePe3HCDb0Ha

Entry address:
0x1B6000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 70, 0B, 00, 2D, B7, F7, 0A, 10, 05, AC, F7, 0A, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 46, 32, F0, 07, 68, 5D, 5C, FA, 1D, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, A5, 97, CC, 39, A1, 96, 84, 89, D0, B3, 61, 61, 13, C3...
 

Code size:
14.5 KB (14,848 bytes)

The file img61723.exe has been seen being distributed by the following URL.
