bamcof.exe

The executable bamcof.exe has been detected as malware by 27 anti-virus scanners. It runs as a Windows service named “Bamcof”.
MD5:
4d1ee1c34d6938dcb2de1be80b0d09c6

SHA-1:
a8b7f4b136b647e1a84c536f95fe776e8781df2e

SHA-256:
55b7803f42706d58347f18847673d67f9794386f772d51b58372fa90529c9719

Scanner detections:
27 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 11:34:56 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Expiro.Gen.4 | 5751030 |
| AhnLab V3 Security | Win32/Expiro5.Gen | 2015.10.26 |
| Avira AntiVirus | W32/Expiro.cak | 8.3.2.2 |
| Arcabit | Win32.Expiro.Gen.4 | 1.0.0.585 |
| avast! | Win32:Expiro-FO [Trj] | 151022-0 |
| AVG | Win32/Heur | 2015.0.4355 |
| Bitdefender | Win32.Expiro.Gen.4 | 1.0.20.1490 |
| Comodo Security | Virus.Win32.Expiro.CA | 23472 |
| Dr.Web | Win32.Expiro.100 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Expiro.Gen | 10.0.0.5366 |
| ESET NOD32 | Win32/Expiro.CG virus | 7.0.302.0 |
| Fortinet FortiGate | W32/Expiro.CG | 10/25/2015 |
| F-Prot | W32/Expiro.CA | 4.6.5.141 |
| F-Secure | Win32.Expiro.Gen.4 | 5.14.151 |
| G Data | Win32.Expiro.Gen | 15.10.25 |
| IKARUS anti.virus | Virus.Win32.Expiro | t3scan.1.9.5.0 |
| K7 AntiVirus | Virus | 13.212.17641 |
| Kaspersky | Virus.Win32.Expiro | 15.0.0.543 |
| Microsoft Security Essentials | Threat.Undefined | 1.209.158.0 |
| MicroWorld eScan | Win32.Expiro.Gen.4 | 16.0.0.894 |
| NANO AntiVirus | Virus.Win32.Expiro.dxfnrc | 0.30.26.3947 |
| Norman | Win32.Expiro.Gen.4 | 22.10.2015 04:41:22 |
| nProtect | Win32.Expiro.Gen.4 | 15.10.23.01 |
| Rising Antivirus | PE:Virus.Expiro/AllInOne!1.A140[F1] | 23.00.65.151023 |
| Sophos | Virus 'W32/Expiro-AC' | 5.18 |
| Vba32 AntiVirus | Heur.Trojan.Hlux | 3.12.26.4 |
| VIPRE Antivirus | Threat.5066537 | 44732 |

File size:
1 MB (1,052,160 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\bamcof\bamcof.exe

File PE Metadata
Compilation timestamp:
1/12/2016 8:52:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:j4BY8l3VRYVKJ5wSjeWLJhSxsAcUzHYsQazDDasesbRgLxRM6g9Zify0t+HQTsRx:elfYsJqSjeWQd3eslQRM6J/Tc3

Entry address:
0x1D204

Entry point:
50, 51, 56, 8D, 05, 30, 00, 00, 00, 64, 8B, 08, 83, C1, 0C, 8B, 31, 8B, C6, 83, C0, 0C, 8B, 08, 89, CE, 83, C6, 18, 8B, 06, 83, F8, 00, 0F, 84, 19, 00, 00, 00, 8B, F1, 83, C6, 30, 8B, 36, 8B, 76, 0A, 81, EE, 6C, 00, 33, 00, 83, FE, 00, 0F, 84, 07, 00, 00, 00, 8B, 09, E9, D0, FF, FF, FF, 8B, 48, 3C, 03, C8, 8B, 71, 78, 01, C6, 52, 53, 8B, 56, 20, 03, D0, 8B, 1A, 03, D8, 8B, 4B, 0B, 81, C1, 9B, 9C, 8B, FF, 85, C9, 75, 02, EB, 05, 83, C2, 04, EB, E8, 8B, 4E, 20, 2B, D0, 29, CA, C1, EA, 01, 8B, 4E, 24, 03, CA...
 
Code size:
366.5 KB (375,296 bytes)

Service
Display name:
Bamcof

Type:
Win32OwnProcess, InteractiveProcess
