file1.exe

The executable file1.exe has been detected as malware by 29 anti-virus scanners.
MD5:
ee90f6f5a491baea5d8093198dcb5512

SHA-1:
5009cc4c5f1990117ed5a3a63598ee445249acd0

SHA-256:
d1a466fec59aedc32c62d82964489d2db7cf9470cae017618d81fa0a528dcdc3

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/29/2024 12:14:29 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win32/IRCBot.worm.Gen | 2010.09.25 |
| Avira AntiVirus | Worm/Rbot.210944 | 7.10.12.30 |
| avast! | Win32:DCom-F | 2014.9-170316 |
| AVG | BackDoor.RBot | 2018.0.2438 |
| Bitdefender | Backdoor.RBot.XPI | 1.0.20.375 |
| Clam AntiVirus | Exploit.DCOM.Gen | 0.98/17211 |
| Comodo Security | Backdoor.Win32.Rbot.~SR | 6199 |
| Dr.Web | Win32.HLLW.MyBot.based | 9.0.1.075 |
| ESET NOD32 | Win32/Rbot (variant) | 11.5479 |
| Fortinet FortiGate | W32/SDBot.REO!tr.bdr | 3/16/2017 |
| F-Prot | W32/Ircbot.1!Generic | v6.4.6.2.117 |
| F-Secure | Backdoor.RBot.XPI | 11.2017-16-03_5 |
| G Data | Backdoor.RBot.XPI | 17.3.21 |
| IKARUS anti.virus | Backdoor.Rbot | t3scan.1.1.88.0 |
| K7 AntiVirus | Backdoor | 13.63.2608 |
| Kaspersky | Backdoor.Win32.Rbot | 14.0.0.-1316 |
| McAfee | W32/Sdbot.worm.gen.g | 5600.6094 |
| Microsoft Security Essentials | Backdoor:Win32/Rbot.gen | 1.163.1557.0 |
| Norman | Spybot.gen16 | 11.20170316 |
| nProtect | Backdoor.RBot.XPI | 10.09.25.01 |
| Panda Antivirus | W32/Gaobot.gen.worm | 17.03.16.06 |
| Prevx | High Risk System Back Door | 3.0 |
| Quick Heal | Backdoor.Rbot.aea | 3.17.11.00 |
| Rising Antivirus | Backdoor.SdBot.vdd | 23.00.65.17314 |
| Sophos | W32/Rbot-Gen | 4.58 |
| SUPERAntiSpyware | Trojan.Agent/Gen-IRBot | 8532 |
| Trend Micro House Call | WORM_SPYBOT.GEN | 7.2.75 |
| Trend Micro | WORM_SPYBOT.GEN | 10.465.16 |
| Vba32 AntiVirus | Backdoor.Win32.Rbot.aea | 3.12.14.1 |

File size:
319.6 KB (327,280 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\file1.exe

File PE Metadata
Compilation timestamp:
4/4/2010 2:17:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x23F80

Entry point:
55, 8B, EC, 6A, FF, 68, F0, CC, 43, 00, 68, 44, 76, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, C4, A4, 53, 56, 57, 89, 65, E8, FF, 15, 84, A3, 47, 00, A3, 50, 7F, 47, 00, A1, 50, 7F, 47, 00, C1, E8, 08, 25, FF, 00, 00, 00, A3, 5C, 7F, 47, 00, 8B, 0D, 50, 7F, 47, 00, 81, E1, FF, 00, 00, 00, 89, 0D, 58, 7F, 47, 00, 8B, 15, 58, 7F, 47, 00, C1, E2, 08, 03, 15, 5C, 7F, 47, 00, 89, 15, 54, 7F, 47, 00, A1, 50, 7F, 47, 00, C1, E8, 10, 25, FF, FF, 00, 00, A3, 50, 7F, 47, 00, 6A, 01, E8, 9D...
 

Entropy:
6.3808

Developed / compiled with:
Microsoft Visual C++

Code size:
234 KB (239,616 bytes)

Windows Firewall Allowed Program
Name:
file1.exe

