moo0_anti-recovery_1.05.exe

Installer

Moo0

The application moo0_anti-recovery_1.05.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Moo0

Product:
Installer

Version:
1.0.0.0

MD5:
f761286ff200d1bf18d31501a5060846

SHA-1:
00c45e17d2fc2ad8039abdf2929e4f336c249781

SHA-256:
3159b87f3a83376dd93ac15ec00265f6906108e5a4ad96b4f1044ecafbdbac82

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 6:33:21 PM UTC

Scan engine / Detection / Engine version

Dr.Web: Adware.Searcher.1222 (engine version 9.0.1.0275)

ESET NOD32: Win32/Complitly (variant) (engine version 8.10182)

File size:
3.2 MB (3,313,664 bytes)

Product version:
1.0.0.0

Copyright:
(c) Moo0. All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
8/12/2011 4:53:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:K2CA5t9qG1CTWzQgd6git3ODmkVjnlMgKYcYnxDEPYd:yAv9LATWzQgog8+DxVjllKYcYxo2

Entry address:
0xB582C

Code size:
1 MB (1,060,864 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

Powered by Reason Core Security