291014_nj.exe

33Ix0SZNc64S

The executable 291014_nj.exe, “Download da Internet” has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. Infected by the Parite virus, a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from skivu.net.
Publisher:
33Ix0SZNc64S

Description:
Download da Internet

Version:
8.9.2.8

MD5:
67d7b8055130cadbc565112bd2f4b454

SHA-1:
d4ed4617f6d5f191216b818e56ee3d49aff7d500

SHA-256:
dc0723d3c6e6abfae6b9d85d8c34b6c6878719ddafdc626ab3f6027c537621b1

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/26/2024 5:42:22 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Parite
160326-0

AVG
Win32/Parite
2015.0.4355

Emsisoft Anti-Malware
Win32.Parite
11.5.0.6191

ESET NOD32
Win32/Parite.B virus
8.0.319.0

F-Prot
W32/Parite.B
4.6.5.141

F-Secure
Win32.Parite.B
5.15.96

Kaspersky
Virus.Win32.Parite
15.0.0.562

McAfee
Virus.Artemis!4B20907CE235
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.217.680.0

File size:
2.4 MB (2,488,798 bytes)

Copyright:
33Ix0SZNc64SIK

Original file name:
33Ix0SZNc64SIKS

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\291014_nj.exe

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:HzeEXBhFZCCmEpdhIkIC4KKxz5fDU02ptMX1Ke2kZrRT:HSEXBlCCmswkfhh02iKeTZt

Entry address:
0x3AD000

Entry point:
B9, 3C, 5D, 1F, 00, 90, 90, BA, 24, D0, 7A, 00, 90, 68, 98, 05, 00, 00, 5F, 90, 90, FF, 34, 3A, 31, 0C, 24, 8F, 04, 3A, 90, 83, EF, 04, 90, 90, 75, EF, 90, 90, D4, 20, 1E, 00, 3C, 5D, 1F, 00, 3C, 5D, 5F, 00, 03, 6F, 1F, 00, DC, 1E, 3C, 00, E2, 14, 3C, 00, 3C, ED, 1D, 00, 3D, 5D, 1F, 00, 5C, 2D, 5F, 00, B8, 25, 5F, 00, AA, 25, 5F, 00, 84, 39, 1F, 00, BE, 25, 1F, 00, A8, 25, 1F, 00, 5C, 3D, 1F, 00, BE, 25, 1F, 00, A8, 25, 1F, 00, 3C, 5D, 1F, 00, 3C, 5D, 1F, 00, 3C, 5D, 1F, 00, 3C, 5D, 1F, 00, AC, 2D, 5F, 00...
 
[+]

Code size:
23 KB (23,552 bytes)

The file 291014_nj.exe has been seen being distributed by the following URL.

Remove 291014_nj.exe - Powered by Reason Core Security