iwkkibebeb.exe

Google Update

The executable iwkkibebeb.exe, “Google Update Setup”, has been detected as malware by 34 anti-virus scanners. The file has been seen being downloaded from s2.sfcdn.in.
Publisher:
Google Inc.*  (Invalid match)

Product:
Google Update

Description:
Google Update Setup

Version:
1.3.21.115

MD5:
cc1f2c1508a498acbe36d174f05cd9a9

SHA-1:
ee7c4a2e63cf7aa4b293c157543a786d0b1f6991

SHA-256:
f40ef0b1a092560d98968526d578dae19f64d00859618ecfa43e9b6f9dc904e3

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
4/26/2024 2:54:20 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Strictor.49801 | 221 |
| Agnitum Outpost | Trojan.DR.FrauDrop | 7.1.1 |
| AhnLab V3 Security | Dropper/Win32.FrauDrop | 2015.07.25 |
| Avira AntiVirus | BDS/MSIL.Bladabindi.2433 | 8.3.1.6 |
| Arcabit | Trojan.Strictor.DC289 | 1.0.0.425 |
| avast! | MSIL:GenMalicious-IW [Trj] | 2014.9-160628 |
| AVG | Dropper.Generic9 | 2017.0.2699 |
| Baidu Antivirus | Trojan.MSIL.Bladabindi | 4.0.3.16628 |
| Bitdefender | Gen:Variant.Strictor.49801 | 1.0.20.900 |
| Clam AntiVirus | Win.Trojan.Njrat-1 | 0.98/21511 |
| Comodo Security | UnclassifiedMalware | 22855 |
| Dr.Web | Win32.HLLW.Autoruner.25074 | 9.0.1.0180 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.49801 | 8.16.06.28.07 |
| ESET NOD32 | MSIL/Bladabindi | 10.11992 |
| Fortinet FortiGate | W32/FrauDrop.ACDKC!tr | 6/28/2016 |
| F-Secure | Gen:Variant.Strictor.49801 | 11.2016-28-06_3 |
| G Data | Gen:Variant.Strictor.49801 | 16.6.25 |
| IKARUS anti.virus | Backdoor.MSIL | t3scan.1.9.5.0 |
| K7 AntiVirus | Riskware | 13.207.16676 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-11 |
| McAfee | Artemis!CC1F2C1508A4 | 5600.6355 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi | 1.1.11903.0 |
| MicroWorld eScan | Gen:Variant.Strictor.49801 | 17.0.0.540 |
| NANO AntiVirus | Trojan.Win32.FrauDrop.cwkwaq | 0.30.24.2668 |
| nProtect | Trojan-Dropper/W32.FrauDrop.146944 | 15.07.23.01 |
| Panda Antivirus | Trj/CI.A | 16.06.28.07 |
| Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015 |
| Quick Heal | TrojanDropper.FrauDrop.r3 | 6.16.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.162BAC97!371960983 | 23.00.65.16626 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_SPNR.0BLC13 | 7.2.180 |
| Trend Micro | TROJ_SPNR.0BLC13 | 10.465.28 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42294 |
| Zillya! Antivirus | Dropper.FrauDrop.Win32.25374 | 2.0.0.2314 |

File size:
143.5 KB (146,944 bytes)

Product version:
1.3.21.115

Copyright:
Copyright 2007-2010 Google Inc.

Original file name:
GoogleUpdateSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\iwkkibebeb.exe

File PE Metadata
Compilation timestamp:
11/26/2013 6:17:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:ZEYuY3Msbur3O/S+6HVuiXiOvSsjvk6IM8s+HE9:Sths6SSjuizvSs1IM8s+k9

Entry address:
0xCBEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 68, 00, 00, 80, 10, 00, 00, 00, 80, 00, 00, 80, 18, 00, 00, 00, 98, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 05, 00, 01, 00, 00, 00, B0, 00, 00, 80, 02, 00, 00, 00, C8, 00, 00, 80, 03, 00, 00, 00, E0, 00, 00, 80, 04, 00, 00, 00, F8, 00, 00, 80, 05, 00, 00, 00, 10, 01, 00, 80, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.5715

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
43 KB (44,032 bytes)

The file iwkkibebeb.exe has been seen being distributed by the following URL.
