m2bob.exe

The executable m2bob.exe has been detected as malware by 5 anti-virus scanners. This is a setup program which is used to install the application. The file has been observed being downloaded from ni871050_1.vweb02.nitrado.net.
Version:
1.0.0.753

MD5:
2de699e31484cc4e1f1f4ada350108cf

SHA-1:
12676f60a04beac1f7173a9af13cf2ba69b6ed47

SHA-256:
42283c8a1242128fd07ccd11c31c1ed52c2742167159659e265256caf7be0999

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
12/23/2025 1:34:39 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Evo-gen [Susp] | 160126-1
Emsisoft Anti-Malware | Gen:Variant.Symmi.59468 | 10.0.0.5366
ESET NOD32 | Win32/Packed.Themida suspicious application | 7.0.302.0
F-Secure | Variant.Symmi.59468 | 5.15.21
Norman | Gen:Variant.Symmi.59468 | 03.02.2016 10:30:35

File size:
2.3 MB (2,397,696 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\m2bob.exe

File PE Metadata
Compilation timestamp:
2/5/2016 1:43:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
49152:Z0NZle6bSXShOrw2POG8aE3ERLXEBF8CxlocpmdDrO3DXukQ:2Tle2SChQBL8JUNOCCsiYe3De

Entry address:
0x733000

Entry point:
56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 10, 0E, 00, 2D, 8C, AC, 0B, 10, 05, 83, AC, 0B, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, D0, 5D, 43, 76, 68, 1D, A1, 90, 52, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 3E, D7, 6D, EA, AD, 1B, 57, A2, E4, 1C, 6A, 20, 4A, C9, C5, 13...
 

Entropy:
7.9626  (probably packed)

Code size:
3.4 MB (3,608,576 bytes)

The file m2bob.exe has been seen being distributed by the following URL.
