recovermyfiles-v5.exe

Installer

The application recovermyfiles-v5.exe has been detected as a potentially unwanted program by 32 of the anti-malware scanners used. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. While running, it connects to the Internet address www.ibbalance.com on port 443.

Product:
Installer

Version:
1.0.0.0

MD5:
6ba49e0eec1a264a31a5de5b3253292a

SHA-1:
6d44770b97cfa7a228c69e11312a3aae42409bbd

SHA-256:
63cc317a594db459c1317dd99f826019b6bd3f4a8507f5caf44e80161ee0d5d3

Scanner detections:
32 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:30:14 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Strictor.55608 | 435
Agnitum Outpost | Trojan.Badur | 7.1.1
Avira AntiVirus | TR/Strictor.55608.3 | 8.3.2.2
Arcabit | Trojan.Strictor.DD938 | 1.0.0.585
avast! | Win32:Dropper-gen [Drp] | 2014.9-151127
AVG | Generic36 | 2016.0.2913
Baidu Antivirus | PUA.MSIL.Agent | 4.0.3.151127
Bitdefender | Gen:Variant.Strictor.55608 | 1.0.20.1655
Clam AntiVirus | Win.Trojan.Strictor-90 | 0.98/21511
Comodo Security | TrojWare.MSIL.TrojanDownloader.Agent.VA | 23474
Dr.Web | Trojan.DownLoader11.19537 | 9.0.1.0331
Emsisoft Anti-Malware | Gen:Variant.Strictor.55608 | 8.15.11.27.04
ESET NOD32 | MSIL/Downloader.Agent.G potentially unwanted | 9.12463
F-Prot | W32/S-558cd461 | v6.4.7.1.166
F-Secure | Gen:Variant.Strictor.55608 | 11.2015-27-11_6
G Data | Gen:Variant.Strictor.55608 | 15.11.25
IKARUS anti.virus | Trojan.Badur | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.212.17641
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.1059
McAfee | PUP-FKR | 5600.6569
Microsoft Security Essentials | Trojan:Win32/Danglo!gmb | 1.1.12205.0
MicroWorld eScan | Gen:Variant.Strictor.55608 | 16.0.0.993
NANO AntiVirus | Trojan.Win32.Bicl.dbiduz | 0.30.26.3947
Panda Antivirus | Trj/CI.A | 15.11.27.04
Quick Heal | Trojan.Generic.g3 | 11.15.14.00
Rising Antivirus | PE:Malware.RDM.01!5.7[F1] | 23.00.65.151125
Sophos | Mal/Generic-S | 4.98
Total Defense | Win32/Tnega.dVSeYQC | 37.1.62.1
Trend Micro | TROJ_GEN.R002C0CE315 | 10.465.27
Vba32 AntiVirus | Trojan.Badur | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 44818
Zillya! Antivirus | Downloader.Bicl.Win32.1 | 2.0.0.2472

File size:
26.9 MB (28,205,056 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:
5/6/2014 7:10:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:k85/xA9LQIGAuy7Vf69WJzkhoZnuIbP/xA9LQczYcCe:k8lxxA9f69aYanuaXx8

Entry address:
0x8E9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
28 KB (28,672 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com (173.192.190.227:443)

Remove recovermyfiles-v5.exe - Powered by Reason Core Security