beatriz04.exe

The executable beatriz04.exe has been detected as malware by 4 anti-virus scanners. The file has been seen being downloaded from www.hightail.com.
Version:
1.0.0.0

MD5:
edf905c45b561e9c661539e3dc021482

SHA-1:
858760bb80ba88d88caa18472c50b3e6e79b631a

SHA-256:
5da3579752dd14066ad8a0d57326dfa7d67a76ed86a2d673971127cf75c99638

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
12/25/2024 4:41:24 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Trojan-gen | 160518-2
Dr.Web | Trojan.Starter.2890 | 9.0.1.05190
ESET NOD32 | MSIL/Kryptik.CKG trojan | 8.0.319.0
Microsoft Security Essentials | Threat.Undefined | 1.225.469.0

File size:
186.1 KB (190,549 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\beatriz04.exe

File PE Metadata
Compilation timestamp:
4/8/2015 9:55:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:jlxAflR9jklgpu7Urf2x6I+yJYsm/a385CJ+8296XefGlC:jl2NzoUrfTvkSCJ+Ru8

Entry address:
0x21B02

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.3624

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
127 KB (130,048 bytes)

The file beatriz04.exe has been seen being distributed by the following URL.
