9930cmpttjalllang_pbr7.1.0_rel2879_pl5.1.0.699_a7.1.0.1066_verizon_wireless.exe

Project1

The executable 9930cmpttjalllang_pbr7.1.0_rel2879_pl5.1.0.699_a7.1.0.1066_verizon_wireless.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from download010.fshare.vn.
Product:
Project1

Version:
1.00

MD5:
1bb9fbf79d27c0991ef99449b1fb0c12

SHA-1:
8068bdffc2fef5067482d1fbe2a4e3c836cc2b48

SHA-256:
979e20f49a16c74464e8c5a54f67f5d86cc173b2fd63c4aaa769fa03cbbb4537

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 2:00:22 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.3.6.19

File size:
288.1 MB (302,124,802 bytes)

Product version:
1.00

Original file name:
TJprojMain.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\9930cmpttjalllang_pbr7.1.0_rel2879_pl5.1.0.699_a7.1.0.1066_verizon_wireless.exe

File PE Metadata
Compilation timestamp:
4/1/2013 2:08:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6291456:OpmNX3fdlF3JVuBa2LPFdvbqTQ7qNmYKRFYXkq6llhmKi:Wy3fdbuBa2LPfbKT7KvPq6llhxi

Entry address:
0x290C

Entry point:
68, DC, 3A, 40, 00, E8, EE, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 57, 08, 7A, C5, 86, 1A, F4, 47, A8, FB, 94, FD, 7A, FD, 93, F4, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 66, CF, 11, B7, 0C, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 01, 00, 00, 00, 7F, A1, 6C, ED, CC, B4, F9, 4B, B4, 26, 0B, DE, 01, CB, 7E, 81, 01, 00, 00, 00, A0, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
104 KB (106,496 bytes)

The file 9930cmpttjalllang_pbr7.1.0_rel2879_pl5.1.0.699_a7.1.0.1066_verizon_wireless.exe has been seen being distributed by the following URL.