home

SdarotDownloader.exe

SdarotDownloader

R4z

The executable SdarotDownloader.exe has been detected as malware by 5 anti-virus scanners. The file has been seen being downloaded from serv71.f2h.co.il.
Publisher:
R4z

Product:
SdarotDownloader

Version:
0.9.0.0

MD5:
612068dac916087ca01ba72877b898ae

SHA-1:
0308dbbf78e810c6d69a3a7f7fa691a2f900569b

SHA-256:
093e26a4533115c969a59bd5207925df6f3a60ea08fff903e2671544d57e1808

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
8/7/2025 7:54:46 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Trojan/Win32.Generic
2015.04.24

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.2102

Malwarebytes
Trojan.Agent
v2015.05.02.02

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Trend Micro House Call
TROJ_GEN.R047H07DO15
7.2.145

File size:
37.5 KB (38,439 bytes)

Product version:
0.9.0.0

Copyright:
Copyright R4z © 2015

Original file name:
SdarotDownloader.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\sdarotdownloader.exe

File PE Metadata
Compilation timestamp:
12/9/2010 8:58:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:avxb2ndcSUOZA4d5XDxGgYnLDZa3eCNJJL:qbyc3AA4zXDBYn+zJL

Entry address:
0x2E5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.4323

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4 KB (4,096 bytes)

The file SdarotDownloader.exe has been seen being distributed by the following URL.

http://serv71.f2h.co.il/.../ygmay8ldpqjn|4f0590d90e7619579f2193ec15a68732

Remove SdarotDownloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.