arquivo_f.exe

f221212

BR SOFTWARE LLC

The application arquivo_f.exe by BR SOFTWARE has been detected as adware by 8 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
BR SOFTWARE LLC  (signed and verified)

Product:
f221212

Version:
1.0.0.0

MD5:
8ee75b50f03460304a4553934d92466e

SHA-1:
bbaa0b31705b8e3b61c025b11910c94c9e597a8e

SHA-256:
2cfbedbcd3a711d718666b976143eb3c704f6c1f6f0dfa2a4604dbadb9089334

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
12/25/2024 11:56:23 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Adware-gen [Adw] | 160518-2 |
| Dr.Web | Trojan.DownLoader7.44671 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.Generic.8549179 | 11.5.0.6191 |
| ESET NOD32 | MSIL/Adware.PCMega.G application | 7.0.302.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 15.0.0.562 |
| McAfee | Trojan.Trojan-FARN!8EE75B50F034 | 18.0.204.0 |
| Norman | Trojan.Generic.8549179 | 19.05.2016 01:04:49 |
| Reason Heuristics | PUP.BR Software.BRSOFTWA (M) | 16.6.6.15 |

File size:
2.6 MB (2,731,234 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2012

Original file name:
f221212.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\arquivo_f.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
12/20/2012 9:35:01 PM

Valid to:
4/17/2013 7:03:06 PM

Subject:
CN=BR SOFTWARE LLC, O=BR SOFTWARE LLC, L=Lewes, S=DE, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27C2AD069AC04D

File PE Metadata
Compilation timestamp:
12/23/2012 12:40:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:KIMA4kUx+CWCsaMhgwRBdH3WV64cc15cafjYq6hucg3WJzP+WLFtG7EWq7/VQ:Kfh7L6hFRBR3ifl1oRUcg3grZQEWyu

Entry address:
0x45EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 60, 00, 00, 80, 10, 00, 00, 00, 78, 00, 00, 80, 18, 00, 00, 00, 90, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 02, 00, 00, 00, A8, 00, 00, 80, 03, 00, 00, 00, C0, 00, 00, 80, 04, 00, 00, 00, D8, 00, 00, 80, 05, 00, 00, 00, F0, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
9.5 KB (9,728 bytes)
