macro xburttom.exe

The executable macro xburttom.exe has been detected as malware by 36 anti-virus scanners. It is a setup program used to install the application. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other malicious software, and to steal sensitive information. The file has been seen being downloaded from fs03n1.sendspace.com.
Publisher:
Java@Registred

Product:
JavaUpdate

Description:
JavaUpadate.exe

Version:
7.02.0012

MD5:
161cc03324518eeaacd6e485203d05f3

SHA-1:
5095d61e2c36c9f10917f6c08a5f0768146d2012

SHA-256:
3e3dc2cfc08ab3cdb7e99b512becef74232855c13660ef225ab4db87a5b3f94d

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/18/2024 9:18:29 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Backdoor.Heur.Bifrose.Km3@cCu0KTmi | 372
Agnitum Outpost | Trojan.DR.VB | 7.1.1
AhnLab V3 Security | Trojan/Win32.VB | 2016.01.02
Avira AntiVirus | BDS/Bladabindi.dcrj | 8.3.2.4
Arcabit | Gen:Backdoor.Heur.Bifrose.ECDBB4 | 1.0.0.637
avast! | MSIL:Bladabindi-JK [Trj] | 2014.9-160129
AVG | VBCrypt | 2017.0.2850
Baidu Antivirus | Trojan.Win32.Dropper | 4.0.3.16129
Bitdefender | Gen:Backdoor.Heur.Bifrose.Km3@cCu0KTmi | 1.0.20.145
Bkav FE | W32.HfsOval | 1.3.0.7400
Clam AntiVirus | Win.Backdoor.Bladabindi-1 | 0.98/21511
Comodo Security | Backdoor.Win32.Agent.CEP13 | 23898
Dr.Web | Trojan.MulDrop.7451 | 9.0.1.029
Emsisoft Anti-Malware | Gen:Backdoor.Heur.Bifrose.Km3@cCu0KTmi | 8.16.01.29.04
ESET NOD32 | Win32/TrojanDropper.VB.OOQ | 10.12804
Fortinet FortiGate | W32/VB.NMR!tr | 1/29/2016
F-Prot | W32/VBTrojan.Dropper.5 | v6.4.7.1.166
F-Secure | Gen:Backdoor.Heur.Bifrose.Km3@cCu0KTmi | 11.2016-29-01_6
G Data | Gen:Backdoor.Heur.Bifrose.Km3@cCu0KTmi | 16.1.25
IKARUS anti.virus | Trojan.MulDrop | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.212.18299
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.744
Malwarebytes | Backdoor.Agent.DC | v2016.01.29.04
McAfee | Generic Dropper.f | 5600.6506
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.1.12400.0
MicroWorld eScan | Gen:Backdoor.Heur.Bifrose.Km3@cCu0KTmi | 17.0.0.87
NANO AntiVirus | Trojan.Win32.Bifrose.ixsc | 1.0.14.5380
Panda Antivirus | Trj/Genetic.gen | 16.01.29.04
Quick Heal | Backdoor.Bifrose.EF3 | 1.16.14.00
Rising Antivirus | PE:Backdoor.MSIL.Bladabindi!1.9E49 [F] | 23.00.65.16127
Sophos | Troj/KillAV-FG | 4.98
Trend Micro House Call | BKDR_BLADABI.SMC | 7.2.29
Trend Micro | BKDR_BLADABI.SMC | 10.465.29
Vba32 AntiVirus | TrojanDropper.VB | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 46220
Zillya! Antivirus | Dropper.VB.Win32.62659 | 2.0.0.2591

File size:
588.1 KB (602,207 bytes)

Product version:
7.02.0012

Copyright:
www.java.com

Trademarks:
www.java.com

Original file name:
cactus.dll

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\macro xburttom.exe

File PE Metadata
Compilation timestamp:
1/18/2014 8:12:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:GVE4FXRukiJqExOe8NsdV1DBx8lrbP6U/H22dCC/Ia:GVE4RRpDNQ8xbB25Pa

Entry address:
0x109C

Entry point:
68, F4, 10, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 22, BF, F6, 35, 01, A8, 7D, 4A, A9, D1, 1C, 56, 22, 85, 20, DE, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 42, 36, 5C, 50, 52, 4F, 58, 00, 54, 4F, 20, 45, 4D, 20, 00, 00, 00, 00, 07, 00, 00, 00, B4, 15, 40, 00, 07, 00, 00, 00, 58, 15, 40, 00, 56, 42, 35, 21, F0, 1F, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 7E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 00, 09, 04, 00, 00...
Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
4 KB (4,096 bytes)

The file macro xburttom.exe has been seen being distributed by the following URL.

Remove macro xburttom.exe - Powered by Reason Core Security