{blocked}.exe

The executable {blocked}.exe has been detected as malware by 28 anti-virus scanners. The file has been seen being downloaded from dc732.4shared.com.
MD5:
5e54ab4ab017529253f586445a7ba144

SHA-1:
9577f63f04f271979d618799676550c66d4c89c0

SHA-256:
e97ca8a1e583f06302f4e95ad2774454780180bfa5839e05ddb3ab071522048f

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
12/28/2024 1:45:10 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Backdoor.W32.Napolar.vf!c | 2.1.4+ |
| AhnLab V3 Security | Trojan/Win32.Ransomlock.N1151019586 | 3.7.4.14 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 8.3.3.4 |
| Arcabit | Trojan.Lethic.Gen.4 | 1.0.0.741 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-160725 |
| AVG | Dropper.Generic9 | 2017.0.2671 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.16725 |
| Bitdefender | Trojan.Lethic.Gen.4 | 1.0.20.1035 |
| Comodo Security | TrojWare.Win32.Injector.BAZF | 25367 |
| Dr.Web | Trojan.PWS.Panda.5841 | 9.0.1.0207 |
| Emsisoft Anti-Malware | Trojan.Lethic.Gen | 8.16.07.25.04 |
| ESET NOD32 | Win32/Injector.BBHC (variant) | 10.13735 |
| Fortinet FortiGate | W32/Trustezeb.E!tr | 7/25/2016 |
| F-Secure | Trojan.Lethic.Gen.4 | 11.2016-25-07_2 |
| G Data | Trojan.Lethic.Gen | 16.7.25 |
| IKARUS anti.virus | Trojan.Inject2 | t3scan.2.1.6.0 |
| K7 AntiVirus | Trojan | 13.231.20100 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-148 |
| Malwarebytes | Ransom.Agent.ED | v2016.07.25.04 |
| McAfee | Generic-FAUT!5E54AB4AB017 | 5600.6327 |
| Microsoft Security Essentials | Trojan:Win32/Bagsu!rfn | 1.1.12902.0 |
| NANO AntiVirus | Trojan.Win32.Agent.cwcego | 1.0.38.8984 |
| Panda Antivirus | Trj/Dtcontx.L | 16.07.25.04 |
| Qihoo 360 Security | Win32/Trojan.9cc | 1.0.0.1120 |
| Sophos | Mal/Generic-S | 4.98 |
| Vba32 AntiVirus | TrojanSpy.Zbot | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 50516 |
| Zillya! Antivirus | Trojan.Injector.Win32.242604 | 2.0.0.2938 |

File size:
184 KB (188,416 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\my_sexy_private_video_watch_now.avi.exe

File PE Metadata
Compilation timestamp:
3/26/2014 7:09:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
3072:PcexyEDE0E1l8cY/I7acmqvuTLWNAkJYfT9yq1cQpZ1IOF:0O7E78cY/WiqvuTKNAdfTT1cQpZ15F

Entry address:
0x5354

Entry point:
55, 8B, EC, 6A, FF, 68, D0, 6F, 40, 00, 68, DA, 54, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 68, 64, 40, 00, 59, 83, 0D, 50, 86, 40, 00, FF, 83, 0D, 54, 86, 40, 00, FF, FF, 15, 64, 64, 40, 00, 8B, 0D, 44, 86, 40, 00, 89, 08, FF, 15, 60, 64, 40, 00, 8B, 0D, 40, 86, 40, 00, 89, 08, A1, 5C, 64, 40, 00, 8B, 00, A3, 4C, 86, 40, 00, E8, 16, 01, 00, 00, 39, 1D, 50, 85, 40, 00, 75, 0C, 68, D6, 54, 40, 00, FF, 15, 58, 64...

Entropy:
7.4778

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
20 KB (20,480 bytes)

The file {blocked}.exe has been seen being distributed by the following URL.

Remove {blocked}.exe - Powered by Reason Core Security