291014_nj.exe

33Ix0SZNc64S

The executable 291014_nj.exe, “Download da Internet”, has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. It is infected by the Parite virus, a polymorphic file-infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from skivu.net.
Publisher:
33Ix0SZNc64S

Description:
Download da Internet

Version:
8.9.2.8

MD5:
67d7b8055130cadbc565112bd2f4b454

SHA-1:
d4ed4617f6d5f191216b818e56ee3d49aff7d500

SHA-256:
dc0723d3c6e6abfae6b9d85d8c34b6c6878719ddafdc626ab3f6027c537621b1

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/23/2024 9:02:42 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Parite | 160326-0
AVG | Win32/Parite | 2015.0.4355
Emsisoft Anti-Malware | Win32.Parite | 11.5.0.6191
ESET NOD32 | Win32/Parite.B virus | 8.0.319.0
F-Prot | W32/Parite.B | 4.6.5.141
F-Secure | Win32.Parite.B | 5.15.96
Kaspersky | Virus.Win32.Parite | 15.0.0.562
McAfee | Virus.Artemis!4B20907CE235 | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.217.680.0

File size:
2.4 MB (2,488,798 bytes)

Copyright:
33Ix0SZNc64SIK

Original file name:
33Ix0SZNc64SIKS

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\291014_nj.exe

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:HzeEXBhFZCCmEpdhIkIC4KKxz5fDU02ptMX1Ke2kZrRT:HSEXBlCCmswkfhh02iKeTZt

Entry address:
0x3AD000

Entry point:
B9, 3C, 5D, 1F, 00, 90, 90, BA, 24, D0, 7A, 00, 90, 68, 98, 05, 00, 00, 5F, 90, 90, FF, 34, 3A, 31, 0C, 24, 8F, 04, 3A, 90, 83, EF, 04, 90, 90, 75, EF, 90, 90, D4, 20, 1E, 00, 3C, 5D, 1F, 00, 3C, 5D, 5F, 00, 03, 6F, 1F, 00, DC, 1E, 3C, 00, E2, 14, 3C, 00, 3C, ED, 1D, 00, 3D, 5D, 1F, 00, 5C, 2D, 5F, 00, B8, 25, 5F, 00, AA, 25, 5F, 00, 84, 39, 1F, 00, BE, 25, 1F, 00, A8, 25, 1F, 00, 5C, 3D, 1F, 00, BE, 25, 1F, 00, A8, 25, 1F, 00, 3C, 5D, 1F, 00, 3C, 5D, 1F, 00, 3C, 5D, 1F, 00, 3C, 5D, 1F, 00, AC, 2D, 5F, 00...
 

Code size:
23 KB (23,552 bytes)

The file 291014_nj.exe has been seen being distributed by the following URL.
