windows.exe

The executable windows.exe has been detected as malware by 29 anti-virus scanners. This backdoor trojan may be used to conduct distributed denial of service attacks, to install additional trojans or other malicious software, and to steal sensitive information. While running, it connects to the Internet address b39de681.virtua.com.br on port 1177.
Version:
0.0.0.0

MD5:
85fed438779f28e69ef18a833ab1bc58

SHA-1:
fc5eee685a6c82021a35bb7d7c4c9961492006e9

SHA-256:
2c388d02263a48ea5216f855413618ce56548ddf049de9d09d6de66abb4c9099

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/28/2024 4:38:14 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Heur.MSIL.Krypt.2 | -40
AegisLab AV Signature | Troj.W32.Gen.lWjm | 2.1.4+
AhnLab V3 Security | Trojan/Win32.Delfiles.R2378 | 3.8.3.16
Avira AntiVirus | TR/Dropper.Gen | 8.3.3.4
Arcabit | Trojan.MSIL.Krypt.2 | 1.0.0.802
avast! | MSIL:Agent-CIB [Trj] | 2014.9-170316
AVG | Win32/Hedo | 2018.0.2438
Baidu Antivirus | MSIL.Backdoor.Bladabindi | 4.0.3.17316
Bitdefender | Gen:Heur.MSIL.Krypt.2 | 1.0.20.375
Dr.Web | Trojan.DownLoader22.15581 | 9.0.1.075
Emsisoft Anti-Malware | Gen:Heur.MSIL.Krypt | 8.17.03.16.01
ESET NOD32 | MSIL/Bladabindi.AH (variant) | 11.15094
Fortinet FortiGate | MSIL/Agent.PPQ!tr | 3/16/2017
F-Prot | W32/A-57056955 | v6.4.7.1.166
F-Secure | Gen:Heur.MSIL.Krypt.2 | 11.2017-16-03_5
G Data | Gen:Heur.MSIL.Krypt | 17.3.A:25.11199B:25.9092
IKARUS anti.virus | Trojan-Dropper.Win32.Dorifel | 0.2.1.2
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1315
Malwarebytes | Backdoor.Agent.PGen | v2017.03.16.01
McAfee | Trojan-FIGN | 5600.6094
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.1.13504.0
MicroWorld eScan | Gen:Heur.MSIL.Krypt.2 | 18.0.0.225
NANO AntiVirus | Trojan.Win32.DownLoader10.ctopxm | 1.0.70.15657
Qihoo 360 Security | HEUR/QVM03.0.0000.Malware.Gen | 1.0.0.1120
Rising Antivirus | Backdoor.Bot!1.6675 (classic) | 23.00.65.17314
Sophos | Mal/MSIL-QB | 4.98
Trend Micro House Call | BKDR_BLADABI.SMC | 7.2.75
Trend Micro | BKDR_BLADABI.SMC | 10.465.16
VIPRE Antivirus | Trojan.MSIL.Bladabindi.b | 56674

File size:
179 KB (183,296 bytes)

Product version:
0.0.0.0

Original file name:
stub.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\administrador\windows.exe

File PE Metadata
Compilation timestamp:
3/15/2017 7:56:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x2A9FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
163 KB (166,912 bytes)

Windows Firewall Allowed Program
Name:
windows.exe
The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to b39de681.virtua.com.br  (179.157.230.129:1177)

Remove windows.exe - Powered by Reason Core Security