usbfix.exe

The executable usbfix.exe has been detected as malware by 1 anti-virus scanner. This file is typically installed with the program UsbFix by El Desaparecido. While running, it connects to the Internet address ns1.sosvirus.net on port 80 using the HTTP protocol.
MD5:
0ba1b55a109f9d3e9b1ecb151fa510de

SHA-1:
7e61ad70ed7a78b62ac163a1311e8c816392508e

SHA-256:
96069a1c9b58daef97f8a5f1a6f8b30540044b9ede1efd51855f308da1238386

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/26/2024 7:01:21 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.2.5.19

File size:
1.8 MB (1,836,544 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

File PE Metadata
Compilation timestamp:
2/5/2016 9:39:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:SCdxte/80jYLT3U1jfsWaha9yHN0ScxKYUqxApyqxFp7bG0X7vqTLa4B5uQ:Dw80cTsjkWahawMxKYU4jwfyl7

Entry address:
0x27F4A

Entry point:
E8, B8, D0, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, FC, 31, 4C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 24, E3, 4B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, FC, 31, 4C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00...
 

Entropy:
7.1957

Code size:
567.5 KB (581,120 bytes)

The file usbfix.exe has been discovered within the following program.

UsbFix by El Desaparecido
About 8% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ns1.sosvirus.net  (151.80.21.61:80)

TCP (HTTP):
Connects to redirect.ovh.net  (213.186.33.5:80)

TCP (HTTP SSL):
Connects to ns3059860.ip-137-74-207.eu  (137.74.207.132:443)

TCP (HTTP SSL):
Connects to ns3014050.ip-94-23-52.eu  (94.23.52.47:443)
