limbo.exe

The executable limbo.exe has been detected as malware by 14 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from s6394.chomikuj.pl and multiple other hosts.
MD5:
ad59c75020404a58c9c1d5cd9a343505

SHA-1:
e9da6cf4e1748f40ba5cd2b2afb17769625781df

SHA-256:
092f37621e7150001e78b3e36151c1e75b7b138f8bdae8804f0e1adc2e16e8d7

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
4/25/2024 10:30:37 PM UTC

Scan engine             Detection                       Engine version
Agnitum Outpost         HackTool.Crack                  7.1.1
Bitdefender             Gen:Heur.Crifi.2                1.0.20.1770
ESET NOD32              Win32/HackTool.Crack (variant)  7.8047
Fortinet FortiGate      W32/Chifrax.A!tr                12/20/2013
F-Secure                Gen:Heur.Crifi.2                11.2013-20-12_6
G Data                  Gen:Heur.Crifi                  13.12.22
K7 AntiVirus            Trojan                          13.160.8248
Kaspersky               Trojan.Win32.Chifrax            14.0.0.4594
MicroWorld eScan        Gen:Heur.Crifi.2                14.0.0.1062
NANO AntiVirus          Trojan.Win32.Crack.wovtt        0.22.8.50637
Rising Antivirus        Dropper.Win32.Droper.cdd        23.00.65.131218
Sophos                  Mal/Chifrax-A                   4.86
Trend Micro House Call  TROJ_GEN.RCBH1K2                7.2.354
Trend Micro             TROJ_SPNR.0CCR12                10.465.20

File size:
70.6 MB (74,027,953 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\b8c33c35-915b-429d-9bb2-2abb8c39c59e\limbo.exe

File PE Metadata
OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1572864:ot9nrK9jwSxECu7Fed21OY6F11qa2yyWzd5teUGoNeaLbya:kJGhZxvusdtYk1qa2yyWzdiUGPaLbya

Entry address:
0x71500

Entry point:
60, BE, 00, B0, 45, 00, 8D, BE, 00, 60, FA, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 67, FC, 06, 00, 57, 83, C3, 04, 53, 68, F0, 64, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Entropy:
7.9994  (probably packed)

Code size:
96 KB (98,304 bytes)

The file limbo.exe has been seen being distributed by the following 8 URLs.

http://s6394.chomikuj.pl/File.aspx?e=0WRxYjpRwteni-3_i-nP9pbIM46hdrUgTky9wPl5C-_jycrjC3ma8EtaxTOaRIR_03ydAZi18gjNMJlvGvmzKDMhGnq1uuSYi6Dw_XhPJSdewDDye2ZopzjErn6db7E1V3YET2GlCIvpbIA-HxTzqDnrWMiHmIlM9tCjzjDvanUUNf9foG0bnQQ4uEz8Z-Se&pv=2

blob:http://unrar.flowsoft7.com/1126cf66-890b-4337-a2f8-8a76ecdd99f5
