240714_ps.exe

The application 240714_ps.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a setup program which is used to install the application. The file is infected by the Parite virus, a polymorphic file-infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from 4threquest.me.
MD5:
9d42ebfe920a2be1c27a8a9e9ba860ac

SHA-1:
761b6479b419a60043e5f70bc88dd0dff024232c

SHA-256:
3bd0c6f8a19079349cc5e9e4930182b5c01556f85644ecd3188cc9f388197666

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/27/2024 3:05:43 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Parite | 160326-0 |
| AVG | Win32/Parite | 2015.0.4545 |
| Dr.Web | Trojan.Yontoo.1806 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Parite | 11.5.0.6191 |
| ESET NOD32 | Win32/Parite.B virus | 8.0.319.0 |
| Kaspersky | Virus.Win32.Parite | 15.0.0.562 |
| McAfee | Virus.Artemis!2C6846F4FC53 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.217.680.0 |

File size:
684.5 KB (700,888 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\240714_ps.exe

File PE Metadata
Compilation timestamp:
12/5/2009 8:52:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:iiYixzIid1s15AbC+IQd/G/8/3D0Fw/tN8dkmLtpHHHrh7MtkOgB7VTf1L3:iVyV6YIQK8/z0FmcLbH1MtsTtr

Entry address:
0x122000

Entry point:
90, 90, 68, 5E, 9C, 17, 00, 58, 90, BF, 1E, 20, 52, 00, 90, BA, 98, 05, 00, 00, 90, 90, 31, 04, 3A, 90, 83, EA, 03, 4A, 90, 75, F5, 90, B6, E1, 16, 00, 5E, 9C, 17, 00, 5E, 9C, 57, 00, 95, AC, 17, 00, 5E, 60, 10, 00, 86, 9D, 1F, 00, 5E, 2C, 15, 00, 5F, 9C, 17, 00, 3E, EC, 57, 00, DA, E4, 57, 00, C8, E4, 57, 00, E6, FE, 17, 00, DC, E4, 17, 00, CA, E4, 17, 00, 3E, C2, 17, 00, DC, E4, 17, 00, CA, E4, 17, 00, 5E, 9C, 17, 00, 5E, 9C, 17, 00, 5E, 9C, 17, 00, 5E, 9C, 17, 00, 8A, EC, 57, 00, 5E, 9C, 17, 00, 5E, 9C...
 

Code size:
22.5 KB (23,040 bytes)

The file 240714_ps.exe has been seen being distributed by the following URL.
