» {blocked}.exe
Overview
Analysis
File Details
Downloads (1)

{blocked}.exe

The executable {blocked}.exe has been detected as malware by 28 anti-virus scanners. The file has been seen being downloaded from dc732.4shared.com.

File name:

{blocked}.exe

MD5:

5e54ab4ab017529253f586445a7ba144

SHA-1:

9577f63f04f271979d618799676550c66d4c89c0

SHA-256:

e97ca8a1e583f06302f4e95ad2774454780180bfa5839e05ddb3ab071522048f

Scanner detections:

28 / 68

Status:

Malware

Analysis date:

11/5/2024 10:44:14 AM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Backdoor.W32.Napolar.vf!c

2.1.4+

AhnLab V3 Security

Trojan/Win32.Ransomlock.N1151019586

3.7.4.14

Avira AntiVirus

TR/Crypt.XPACK.Gen

8.3.3.4

Arcabit

Trojan.Lethic.Gen.4

1.0.0.741

avast!

Win32:Evo-gen [Susp]

2014.9-160725

AVG

Dropper.Generic9

2017.0.2671

Baidu Antivirus

Win32.Trojan.WisdomEyes.151026.9950

4.0.3.16725

Bitdefender

Trojan.Lethic.Gen.4

1.0.20.1035

Comodo Security

TrojWare.Win32.Injector.BAZF

25367

Dr.Web

Trojan.PWS.Panda.5841

9.0.1.0207

Emsisoft Anti-Malware

Trojan.Lethic.Gen

8.16.07.25.04

ESET NOD32

Win32/Injector.BBHC (variant)

10.13735

Fortinet FortiGate

W32/Trustezeb.E!tr

7/25/2016

F-Secure

Trojan.Lethic.Gen.4

11.2016-25-07_2

G Data

Trojan.Lethic.Gen

16.7.25

IKARUS anti.virus

Trojan.Inject2

t3scan.2.1.6.0

K7 AntiVirus

Trojan

13.231.20100

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.-148

Malwarebytes

Ransom.Agent.ED

v2016.07.25.04

McAfee

Generic-FAUT!5E54AB4AB017

5600.6327

Microsoft Security Essentials

Trojan:Win32/Bagsu!rfn

1.1.12902.0

NANO AntiVirus

Trojan.Win32.Agent.cwcego

1.0.38.8984

Panda Antivirus

Trj/Dtcontx.L

16.07.25.04

Qihoo 360 Security

Win32/Trojan.9cc

1.0.0.1120

Sophos

Mal/Generic-S

4.98

Vba32 AntiVirus

TrojanSpy.Zbot

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

50516

Zillya! Antivirus

Trojan.Injector.Win32.242604

2.0.0.2938

File size:

184 KB (188,416 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\my_sexy_private_video_watch_now.avi.exe

File PE Metadata

Compilation timestamp:

3/26/2014 7:09:30 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.0

CTPH (ssdeep):

3072:PcexyEDE0E1l8cY/I7acmqvuTLWNAkJYfT9yq1cQpZ1IOF:0O7E78cY/WiqvuTKNAdfTT1cQpZ15F

Entry address:

0x5354

Entry point:

55, 8B, EC, 6A, FF, 68, D0, 6F, 40, 00, 68, DA, 54, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 68, 64, 40, 00, 59, 83, 0D, 50, 86, 40, 00, FF, 83, 0D, 54, 86, 40, 00, FF, FF, 15, 64, 64, 40, 00, 8B, 0D, 44, 86, 40, 00, 89, 08, FF, 15, 60, 64, 40, 00, 8B, 0D, 40, 86, 40, 00, 89, 08, A1, 5C, 64, 40, 00, 8B, 00, A3, 4C, 86, 40, 00, E8, 16, 01, 00, 00, 39, 1D, 50, 85, 40, 00, 75, 0C, 68, D6, 54, 40, 00, FF, 15, 58, 64... 
[+]

Entropy:

7.4778

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

20 KB (20,480 bytes)

The file {blocked}.exe has been seen being distributed by the following URL.

https://dc732.4shared.com/.../Dn3S7Rl5ba?lgfp=30000

Remove {blocked}.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.