dwhb4f.exe

The executable dwhb4f.exe has been detected as malware by 29 anti-virus scanners. It is a trojan bot that uses IRC to communicate with a command and control network. The trojan drops other malicious software, opens a backdoor on the infected computer and runs automatically on each boot.
MD5:
dff44ab91bdcff81c8a9d939fcefb26f

SHA-1:
1f485e9482261cc1614d24d88df89030c8f79e3c

Scanner detections:
29 / 68

Status:
Malware

Explanation:
Part of a backdoor IRC bot network.

Analysis date:
4/29/2024 2:58:46 AM UTC

Scan engine                    Detection                      Engine version

AhnLab V3 Security             Win32/Kolab.worm.183296.F      2011.03.13
Avira AntiVirus                TR/Agent.183296.11             7.11.4.177
avast!                         Win32:Kryptik-XE               2014.9-170313
AVG                            Cryptic                        2018.0.2441
Bitdefender                    MemScan:Worm.Generic.303460    1.0.20.360
Clam AntiVirus                 PUA.Packed.EXECryptor          0.98/17411
Comodo Security                UnclassifiedMalware            7960
Dr.Web                         Trojan.Siggen2.12132           9.0.1.072
Emsisoft Anti-Malware          Net-Worm.Win32.Kolab!IK        8.17.03.13.10
ESET NOD32                     Win32/Kryptik.HPD (variant)    11.5948
F-Prot                         W32/SuspPack.CZ.gen            v6.4.6.2.117
F-Secure                       MemScan:Worm.Generic.303460    11.2017-13-03_2
G Data                         MemScan:Worm.Generic.303460    17.3.21
IKARUS anti.virus              Net-Worm.Win32.Kolab           t3scan.1.1.97.0
K7 AntiVirus                   NetWorm                        13.93.4087
Kaspersky                      Net-Worm.Win32.Kolab           14.0.0.-1302
McAfee                         Generic BackDoor!cud           5600.6097
Microsoft Security Essentials  Backdoor:Win32/IRCbot.gen!K    1.163.1557.0
Norman                         W32/Suspicious_Gen2.FGOSI      11.20170313
nProtect                       Worm/W32.Kolab.183296.E        11.02.10.01
Panda Antivirus                Generic Malware                17.03.13.10
Prevx                          High Risk Cloaked Malware      3.0
Quick Heal                     Backdoor.IRCBot.k              3.17.11.00
Rising Antivirus               Trojan.Win32.Generic.126385E4  23.00.65.17311
Sophos                         Mal/IRCbot-T                   4.63
Trend Micro House Call         TROJ_GEN.R47C2LH               7.2.72
Trend Micro                    TROJ_GEN.R47C2LH               10.465.13
Vba32 AntiVirus                BScope.Trojan.Jumperok         3.12.14.3
VIPRE Antivirus                Backdoor.Win32.IRCBot          8687

File size:
179 KB (183,296 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\dwhb4f.exe

File PE Metadata
Compilation timestamp:
12/16/2010 2:10:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x782FE

Entry point:
E8, 3B, FF, FF, FF, 05, 13, 3B, 00, 00, FF, E0, E8, 2F, FF, FF, FF, 05, 94, 1A, 00, 00, FF, E0, E8, 77, 01, 00, 00, 33, 3F, 47, 00, 11, 47, 19, 50, 18, 4F, 01, 10, 48, 28, 0B, 11, 12, 3F, 43, 38, 19, 16, 13, 1C, 29, 1B, 26, 65, 07, 08, 01, 0B, 36, 01, 06, 15, FE, 1B, 00, 14, 0D, 50, 11, 42, 47, 2C, 08, 6B, 12, 0E, 02, 26, 4B, 14, 0A, 2C, 0D, 42, 3B, 14, 17, 08, 19, 0B, 1A, 4C, 08, 0A, 1E, 0D, 0A, 1B, 0A, 0D, 4E, 01, 16, 0E, 02, 1F, 0B, 47, 0D, 07, 11, 1D, 24, 14, 43, 39, 0A, 14, 05, 56, 4A, 47, 38, 1C, 25...

Entropy:
7.9458  (probably packed)

Code size:
289 KB (295,936 bytes)

Remove dwhb4f.exe - Powered by Reason Core Security