tapipb.exe

idolises

codas joys

The executable tapipb.exe, “suable bases renegotiated”, has been detected as malware by 30 anti-virus scanners. According to Microsoft Security Essentials, this Dorkbot IRC-based worm is designed to capture user names and passwords by intercepting your network traffic, and it can block websites that are related to security updates. It can also be used to launch denial of service (DoS) attacks.
Publisher:
codas joys

Product:
idolises

Description:
suable bases renegotiated

Version:
8.02.0006

MD5:
182172041c976d6f0d7b1accafb9a595

SHA-1:
bee9393bade971fb97e28f32c6ca9fc3288c0adc

SHA-256:
a9f5d1ed644ee97c020cbf698c9428f6f8c12167ad6cbef5c06f6d01995beb6c

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/28/2024 11:38:53 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Trojan.Heur.ZGY.5 | -40 |
| Agnitum Outpost | Trojan.VBKrypt | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.VBKrypt | 2015.12.15 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen8 | 8.3.2.4 |
| Arcabit | Trojan.Heur.ZGY.5 | 1.0.0.629 |
| avast! | Win32:VBCrypt-BCM [Trj] | 2014.9-170316 |
| AVG | Dropper.Generic6 | 2018.0.2438 |
| Baidu Antivirus | Backdoor.Win32.Ruskill | 4.0.3.17316 |
| Bitdefender | Gen:Trojan.Heur.ZGY.5 | 1.0.20.375 |
| Comodo Security | UnclassifiedMalware | 23768 |
| Dr.Web | Trojan.Packed.22707 | 9.0.1.075 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.ZGY | 8.17.03.16.12 |
| ESET NOD32 | Win32/Injector.SUH (variant) | 11.12723 |
| Fortinet FortiGate | W32/VBKrypt.MBW!tr | 3/16/2017 |
| F-Secure | Gen:Trojan.Heur.ZGY.5 | 11.2017-16-03_5 |
| G Data | Gen:Trojan.Heur.ZGY | 17.3.25 |
| IKARUS anti.virus | Worm.Win32.WBNA | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18103 |
| Kaspersky | Backdoor.Win32.Ruskill | 14.0.0.-1315 |
| McAfee | PWS-Zbot.gen.asg | 5600.6094 |
| Microsoft Security Essentials | Worm:Win32/Dorkbot.A | 1.1.12300.0 |
| MicroWorld eScan | Gen:Trojan.Heur.ZGY.5 | 18.0.0.225 |
| NANO AntiVirus | Trojan.Win32.Injector.ttsru | 1.0.10.5081 |
| Panda Antivirus | Trj/Genetic.gen | 17.03.16.12 |
| Qihoo 360 Security | Win32/Trojan.5b1 | 1.0.0.1077 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.17314 |
| Sophos | Mal/VBInj-Y | 4.98 |
| Vba32 AntiVirus | Backdoor.Ruskill | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45850 |
| Zillya! Antivirus | Trojan.VBKrypt.Win32.169142 | 2.0.0.2562 |

File size:
196 KB (200,704 bytes)

Product version:
8.02.0006

Copyright:
militias toasties ornate 1995

Trademarks:
repellen chromium

Original file name:
rancid.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\tapipb.exe

File PE Metadata
Compilation timestamp:
6/19/2012 1:18:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1528

Entry point:
68, F8, 15, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 8B, DC, 4A, B1, 15, 15, 4A, 4E, 86, 2D, 39, 7B, C6, A3, AB, 63, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 65, 67, 67, 69, 6F, 35, 52, 65, 74, 72, 6F, 66, 69, 72, 69, 6E, 67, 30, 00, 74, 65, 64, 00, 00, 00, 00, 07, 00, 00, 00, E4, 33, 40, 00, 07, 00, 00, 00, 9C, 33, 40, 00, 07, 00, 00, 00, 5C, 33, 40, 00, 07, 00, 00, 00, 00, 33, 40, 00, 07, 00, 00, 00, B8, 32, 40, 00, 07, 00, 00, 00, 6C, 32, 40, 00...
 

Entropy:
6.1638

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
60 KB (61,440 bytes)
