universal bios backup toolkit 2.0.exe

BIOS Backup ToolKit

DavidXXW Workgroup

The executable universal bios backup toolkit 2.0.exe has been detected as malware by 16 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download1466.mediafire.com and multiple other hosts.
Publisher:
DavidXXW Workgroup

Product:
BIOS Backup ToolKit

Version:
2.0.1.0

MD5:
e20002dba2f2129797400b4bbf5cace7

SHA-1:
0bed0f6320cf705ab454ce14decc0a3fc6840337

SHA-256:
672bc532799a091c2422f3676550b019cff007f3ebba05a4ba7222c9c810179b

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
4/23/2024 7:17:38 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | SPR/BIOSBackup.A | 7.11.123.254 |
| AVG | Generic3_c | 2015.0.3600 |
| Bkav FE | W32.Clodcfc.Trojan | 1.3.0.4613 |
| Comodo Security | Heur.Suspicious | 17574 |
| Fortinet FortiGate | W32/BDoor.DRV!tr | 1/8/2014 |
| F-Prot | W32/MalwareF.JILM | v6.4.7.1.166 |
| G Data | Win32.Trojan.FlyStudio | 14.1.22 |
| IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.175.10766 |
| McAfee | Generic.dx!E20002DBA2F2 | 5600.7256 |
| NANO AntiVirus | Trojan.Win32.Genome.chwfrr | 0.28.0.57029 |
| Norman | FlyAgent.CX | 11.20140108 |
| Rising Antivirus | PE:Trojan.Win32.Generic.125DB337!308130615 | 23.00.65.14106 |
| Trend Micro House Call | TROJ_SPNR.03L412 | 7.2.8 |
| Trend Micro | TROJ_SPNR.03L412 | 10.465.08 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25210 |

File size:
599.5 KB (613,920 bytes)

Product version:
2.0.1.0

Copyright:
This tool only for technological research and validating vulnerabilities in the test environment. Does not involve the any copyrighted content, only f

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\{random}.tmp\bios_backup_tookitv2.0\universal bios backup toolkit 2.0.exe

File PE Metadata
Compilation timestamp:
12/25/1972 11:33:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
4.0

CTPH (ssdeep):
12288:mOJoScuuvTcgQ6HzAQJVtBPUmrjvEtoDvPDtTOVb/+PWFIgpi:m82cgQ8UmnPUmPSCvPxORFIt

Entry address:
0x1BB90

Entry point:
60, BE, 00, 30, 41, 00, 8D, BE, 00, E0, FE, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 89, 94, 01, 00, 57, 83, C3, 04, 53, 68, 7F, 8B, 00, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Code size:
40 KB (40,960 bytes)

The file universal bios backup toolkit 2.0.exe has been seen being distributed by the following 3 URLs.

http://download1466.mediafire.com/7u79tzc6layg/.../Universal BIOS Backup ToolKit 2.0.exe

temp:Universal BIOS Backup ToolKit 2.0.exe
