home

Kolebot.exe

Kolebot

This is a setup program which is used to install the application. The file has been seen being downloaded from docviewer.yandex.com.tr.
Publisher:
Kolebot

Product:
Kolebot

Version:
1.0.0.1

MD5:
d5c9a7fc9d5df124ae113d45e7904c1b

SHA-1:
49c268bc7606fd5d1d3e3bf054c7e131ddd773ac

SHA-256:
fa20b0ae8ebaf811abc74860d2790415bea33c79a9e55f2a40f0b1df5ff1ac04

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/25/2024 2:04:24 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Abigor
160518-2

McAfee
Artemis!D5C9A7FC9D5D
5600.6329

Qihoo 360 Security
HEUR/QVM04.0.Malware.Gen
1.0.0.1120

File size:
2.1 MB (2,222,353 bytes)

Product version:
1.0.0.1

Copyright:
Onlinehile INC

Original file name:
Kolebot.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\kolebot.exe

File PE Metadata
Compilation timestamp:
6/9/2016 6:26:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
24576:/mPh/o90tvvvBFS1IFVlz1qytrB1E9HB4fRwSSpAb120JQywUHe5/4M90N3FIixT:2HPS+z1aguy1reUbOixgzRgBxnK5QL

Entry address:
0x18CC

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, AC, 20, 57, 00, A1, 9F, 20, 57, 00, C1, E0, 02, A3, A3, 20, 57, 00, 52, 6A, 00, E8, A1, F6, 16, 00, 8B, D0, E8, 26, 14, 16, 00, 5A, E8, 20, 10, 16, 00, E8, 37, 19, 16, 00, 6A, 00, E8, 78, 2C, 16, 00, 59, 68, 48, 20, 57, 00, 6A, 00, E8, 7B, F6, 16, 00, A3, A7, 20, 57, 00, 6A, 00, E9, C3, BB, 16, 00, E9, AA, 2C, 16, 00, 33, C0, A0, 91, 20, 57, 00, C3, A1, A7, 20, 57, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, EC, 00, 00, 00, 0B, C9...
 
[+]

Code size:
1.4 MB (1,511,424 bytes)

The file Kolebot.exe has been seen being distributed by the following URL.

https://docviewer.yandex.com.tr/source?id=4mtte-fhc2l4riv6czujbkn1t20p90u3br2qnbdfx4nvvzlnwad4b4nbd7xwtpmjlm8pijh9tj5hvm94izh1v8qu7ett8jcbye02rdl34&archive-path=//Kolebot.exe&ts=15544134df1&token=NoQiqVoxpa OEXCwS5FWUQ==&name=KolebotUsko2123v1.rar

Scan Kolebot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.