» 189046620_setup.exe
Overview
Analysis
File Details
Downloads (16)

189046620_setup.exe

The executable 189046620_setup.exe has been detected as malware by 4 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from targetinfo.homeip.net and multiple other hosts.

File name:

189046620_setup.exe

MD5:

8bc7a66df3b0af3d3eacdea34a0bf7fd

SHA-1:

bfcd58fe1b1f1168414a46cf6d8a0157e568ecfb

SHA-256:

9b9f25ce183f0912fcf473f85de6c0d12d841ea90eae4534ebd7838e3d6dee8c

Scanner detections:

4 / 68

Status:

Malware

Analysis date:

12/26/2024 2:56:10 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

W32/Sality.AT

7.11.30.172

Clam AntiVirus

Trojan.Banload-1361

0.98/18155

ESET NOD32

Detection.Undefined

7.0.302.0

XVirus List

Win.Detected

2.3.31

File size:

3.2 MB (3,321,289 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\189046620_setup.exe

File PE Metadata

Compilation timestamp:

5/2/2012 6:09:13 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:nQ8LFcZYGfmPcbqLBGT36+lpuANIIvToysB:LLFSYGHbqFGDlpl1ToysB

Entry address:

0xD240

Entry point:

48, 83, EC, 28, E8, 9B, FE, FF, FF, 45, 33, C9, 45, 33, C0, 33, D2, 33, C9, 48, 83, C4, 28, E9, 00, 3A, 00, 00, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, F9, 48, 89, 11, 48, 8B, CA, 48, 8B, DA, E8, BD, 89, FF, FF, 48, 89, 47, 08, 8B, 83, 2C, 0C, 00, 00, 48, 8B, 5C, 24, 30, 89, 47, 10, 48, 8B, C7, 48, 83, C4, 20, 5F, C3, CC, CC, 48, 83, EC, 28, 4C, 8B, 09, 41, 8B, 81, 2C, 0C, 00, 00, 39, 41, 10, 75, 0F, 48, 8B, 51, 08, 45, 33, C0, 49, 8B, C9, E8, 5A, 90, FF, FF, 48, 83, C4, 28, C3, CC, 48, 83, EC, 68... 
[+]

Code size:

86 KB (88,064 bytes)

The file 189046620_setup.exe has been seen being distributed by the following 16 URLs.

http://targetinfo.homeip.net:8280/.../winrar-64bit-420br.exe

http://novaknup.com.br/winrar-x64-420br.exe

https://doc-04-00-docs.googleusercontent.com/docs/securesc/nurnuq9af54trsg6fog66kejlhdij36a/14b5cvljvfmuf2h8jbidg01nrfp9792v/1443988800000/.../05874268950890650186/0BzHTFNtiMivTYl95QkowQ0Y2S2M?e=download

https://mega.nz/persistent/.../skhVWQKa

http://download1629.mediafire.com/na9mc4b8ulxg/.../Baixar o WinRar 32Bits ou 64Bits.exe

https://mega.nz/temporary/.../EphVXISb

https://mega.nz/temporary/.../LxoT1Joa

temp:winrar-x64-420br.exe

http://download1629.mediafire.com/ktw7sab87uxg/.../WinRar 4.20 64 - Bits.exe

http://dc494.4shared.com/download/.../BOT10_WinRar_420.exe

https://www.dropbox.com/pri/get/.../winrar-x64-420br.exe

http://www.rarlabs.com/.../winrar-x64-420br.exe

http://dc494.4shared.com/download/.../WinRAR__64-bit__420_em_Portugu.exe

http://rarlabs.com/.../winrar-x64-420br.exe

http://www.win-rar.com/fileadmin/.../winrar-x64-420br.exe

http://www.rarlab.com/.../winrar-x64-420br.exe

Remove 189046620_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.