امتحان المنتصف.exe

aINz1WFIp0XtU

aKAea5Zw51R

The executable امتحان المنتصف.exe has been detected as malware by 21 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from rghost.net.
Publisher:
aKAea5Zw51R

Product:
aINz1WFIp0XtU

Description:
aXuQJ6H0TiX

Version:
5.6.8.32

MD5:
1b68c9c76fa46ef3e914c1c729418bfa

SHA-1:
ecff29fc808bf00c0c039b7c1f02f52ef106842d

SHA-256:
1b20a32a1438776902951d54103295eff84bb5ad1588e203c25983b7107d6540

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
12/26/2024 5:27:13 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1652053 | 180 |
| AhnLab V3 Security | Trojan/Win32.Crypt | 16.08.07 |
| Avira AntiVirus | TR/Dldr.Ranos.A.388 | 7.11.145.18 |
| avast! | Win32:Malware-gen | 2014.9-160807 |
| AVG | Downloader.Generic13 | 2017.0.2658 |
| Baidu Antivirus | Trojan.MSIL.Injector | 4.0.3.1687 |
| Bitdefender | Trojan.GenericKD.1652053 | 1.0.20.1100 |
| Dr.Web | Trojan.DownLoader9.49968 | 9.0.1.0220 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1652053 | 8.16.08.07.11 |
| ESET NOD32 | MSIL/Injector.CJO (variant) | 10.9714 |
| IKARUS anti.virus | Trojan-Downloader | t3scan.1.6.1.0 |
| McAfee | Trojan-FDUD!1B68C9C76FA4 | 5600.6314 |
| Microsoft Security Essentials | TrojanDownloader:MSIL/Ranos.A | 1.10502 |
| MicroWorld eScan | Trojan.GenericKD.1652053 | 17.0.0.660 |
| NANO AntiVirus | Trojan.Win32.Disfa.cwbhis | 0.28.0.59492 |
| Norman | Suspicious_Gen4.GFYPX | 11.20160807 |
| nProtect | Trojan.GenericKD.1652053 | 14.04.24.01 |
| Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0423 | 7.2.220 |
| VIPRE Antivirus | Backdoor.MSIL.Bladabindi.a | 28562 |

File size:
159.5 KB (163,328 bytes)

Product version:
5.6.8.32

Copyright:
Copyright © 2004

Trademarks:
a0wBijhmCFC7SA

Original file name:
bna.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\امتحان المنتصف.exe

File PE Metadata
Compilation timestamp:
3/31/2014 7:19:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:YwW9HdOBO36bXIc31ukLJHr9WnabOQw7RuquW9V8+8FC:7wHdOBx1usHh+ahwqz

Entry address:
0x562E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.5112

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
14 KB (14,336 bytes)

The file امتحان المنتصف.exe has been seen being distributed by the following URL.
