kb65913168.exe

Microsoft Visual Studio 2008

Although the file properties claim the file was developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The executable kb65913168.exe, described as “Microsoft® Browse Information Maintenance Utility”, has been detected as malware by 24 anti-virus scanners. This trojan attempts to establish a connection to a remote server over various TCP ports and uses Winlogon to persist across reboots.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Visual Studio® 2008

Description:
Microsoft® Browse Information Maintenance Utility

Version:
9.00.21022.08 built by: RTM

MD5:
bd02d595a6705cb3c51a44ea69d3d2b7

SHA-1:
2eb9643d5624ee13e371ad56ce77ef5c8becb2ff

SHA-256:
ac2ff52007e86e73b883eeb12b59890229de919426a37c4cf4fe5ede5f8fd830

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
5/8/2024 9:30:33 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.756606
435

AhnLab V3 Security
Trojan/Win32.Upbot
2015.10.27

Avira AntiVirus
TR/Crypt.Xpack.306404
8.3.2.2

Arcabit
Trojan.Kazy.DB8B7E
1.0.0.585

avast!
Win32:Androp [Drp]
2014.9-151126

AVG
Crypt_r
2016.0.2913

Baidu Antivirus
Backdoor.Win32.Farfli
4.0.3.151126

Bitdefender
Gen:Variant.Kazy.756606
1.0.20.1650

Dr.Web
Trojan.DownLoader16.45853
9.0.1.0330

Emsisoft Anti-Malware
Gen:Variant.Kazy.756606
8.15.11.26.08

ESET NOD32
Win32/Kryptik.EBTZ (variant)
9.12467

Fortinet FortiGate
W32/Farfli.ABKL!tr.bdr
11/26/2015

F-Secure
Gen:Variant.Kazy.756606
11.2015-26-11_5

G Data
Gen:Variant.Kazy.756606
15.11.25

K7 AntiVirus
Trojan
13.212.17655

Kaspersky
Backdoor.Win32.Farfli
14.0.0.1061

Malwarebytes
Trojan.FakeMS
v2015.11.26.08

Microsoft Security Essentials
1.1.12205.0

MicroWorld eScan
Gen:Variant.Kazy.756606
16.0.0.990

NANO AntiVirus
Trojan.Win32.Farfli.dydxow
0.30.26.3947

Panda Antivirus
Trj/Genetic.gen
15.11.26.08

Reason Heuristics
Threat.Win.Reputation.IMP
15.11.27.21

Sophos
Mal/Generic-S
4.98

VIPRE Antivirus
Trojan.Win32.Generic
44830

File size:
271.5 KB (278,016 bytes)

Product version:
9.00.21022.08

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
BSCMAKE.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\kb65913168.exe

File PE Metadata
Compilation timestamp:
10/22/2015 4:50:33 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:DRnp78nCDqqIVM8XNKE2ONq4+YB5SqAlv8O2CKRFfLNAg0FuZO5Gs+zVdAQ17/R+:d253fLNq4fiHlv8OYHNAOZOW1BM

Entry address:
0x16DA7


Code size:
149 KB (152,576 bytes)
