vubysfhmgi.exe

The executable vubysfhmgi.exe has been detected as malware by 35 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ihboqjic’. While running, it connects to the Internet address e.dns.ripn.net on port 53.

MD5:
c39e3f4050302045989f81d63b501546

SHA-1:
0fd317bc844eb14e099987c32cb0a519b6befce1

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
4/19/2024 8:32:44 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.9074024 | 379
Agnitum Outpost | Trojan.DL.Agent | 7.1.1
AhnLab V3 Security | Trojan/Win32.Rbot | 16.01.22
Avira AntiVirus | WORM/Rbot.Gen | 7.11.141.48
avast! | Win32:Kryptik-LDP [Trj] | 2014.9-160122
AVG | Win32/DH | 2017.0.2857
Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.16122
Bitdefender | Trojan.Generic.9074024 | 1.0.20.110
Bkav FE | W32.SunjuitLTF.Trojan | 1.3.0.4959
Comodo Security | TrojWare.Win32.Trojan.Agent.Gen | 18044
Dr.Web | Trojan.DownLoader8.36143 | 9.0.1.022
Emsisoft Anti-Malware | Trojan.Generic.9074024 | 8.16.01.22.07
ESET NOD32 | Win32/TrojanDownloader.Agent.RPT (variant) | 10.9634
Fortinet FortiGate | W32/Generic!tr | 1/22/2016
F-Secure | Trojan.Generic.9074024 | 11.2016-22-01_6
G Data | Trojan.Generic.9074024 | 16.1.24
IKARUS anti.virus | Backdoor.Win32.Oderoor | t3scan.2.2.29
K7 AntiVirus | Riskware | 13.176.11659
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.778
Malwarebytes | Trojan.Downloader.ED | v2016.01.22.07
McAfee | RDN/Downloader.a!hb | 5600.6513
Microsoft Security Essentials | Backdoor:Win32/Oderoor | 1.10401
MicroWorld eScan | Trojan.Generic.9074024 | 17.0.0.66
NANO AntiVirus | Trojan.Win32.Rbot.bnpjda | 0.28.0.58873
Norman | Troj_Generic.JUKIC | 11.20160122
nProtect | Trojan.Generic.9074024 | 14.04.03.01
Panda Antivirus | Trj/OCJ.E | 16.01.22.07
Qihoo 360 Security | Win32/Trojan.e6d | 1.0.0.1015
Quick Heal | Trojan.Oderoor.ab | 1.16.12.00
Sophos | Mal/EncPk-CK | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Malagent | 9370
Trend Micro House Call | PAK_Generic.005 | 7.2.22
Trend Micro | PAK_Generic.005 | 10.465.22
VIPRE Antivirus | Trojan.Win32.Kryptik.ksvr | 28008
ViRobot | Trojan.Win32.S.Agent.46592.AE | 2011.4.7.4223

File size:
45.5 KB (46,592 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\vubysfhmgi.exe

File PE Metadata
Compilation timestamp:
4/6/2013 11:44:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
768:VpcNBkAe2CssH//ML1ikBxYeQuprohK5Sv+kwW+tLRqPNkuAqkTa:DwBk0CPML1R1dreKK+fH+kuAqkT

Entry address:
0x17533

Entry point:
68, 40, 50, 9C, 5F, E8, E4, 01, 00, 00, E9, 94, F8, FF, FF, 56, 60, F8, 85, F6, E9, AB, 97, FF, FF, 6A, A5, C0, D5, B6, 37, D3, DA, B3, CD, 35, 25, A3, AD, F4, BB, 3B, DA, 9C, 22, 0E, 91, 50, 42, 95, 1D, 55, 72, B3, 88, CC, 82, E2, 37, BD, CC, E5, 0B, A1, E7, 4E, 2F, A3, 07, 2F, 9C, 5B, 07, F7, EF, B9, DF, 92, 9F, F8, A1, 96, 47, 92, 1D, 83, 37, 39, BF, 49, 2D, 90, 08, FC, 2B, 0E, AE, DE, C3, 23, FE, 35, 9F, AB, E8, CE, 01, A3, 68, 0B, B1, C0, 00, 8D, 63, 92, 12, A9, 20, AF, 4B, 76, 29, 0A, 33, B9, 8C, D9...

Entropy:
7.7157 (probably packed)

Code size:
96.5 KB (98,816 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ihboqjic

Command:
C:\Windows\System32\vubysfhmgi.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to static.external.zlb.scl3.mozilla.com (63.245.213.24:443)

TCP:
Connects to e.dns.ripn.net (193.232.142.17:53)

TCP:
Connects to d.dns.ripn.net (194.190.124.17:53)

TCP (HTTP):
Connects to a-0003.a-msedge.net (204.79.197.203:80)

Remove vubysfhmgi.exe - Powered by Reason Core Security