{blocked}.exe

Image Line

The executable {blocked}.exe has been detected as malware by 26 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from www58.zippyshare.com.
Publisher:
Image Line (signed and verified)

Version:
1.0.0.0

MD5:
e3d87e0b109c9b63789bf8687971cd9a

SHA-1:
f84dde87689c18a6af4ffc5041f42394e81f1e54

SHA-256:
52e8db56c55fa8d7f075bae4b31cce1a00b60557c5fa851810e2206ce647a7e6

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
11/27/2024 5:33:14 AM UTC

Scan engine                    Detection                          Engine version
Lavasoft Ad-Aware              Trojan.GenericKDZ.31791            224
Avira AntiVirus                TR/Dropper.MSIL.242381             8.3.2.4
Arcabit                        Trojan.Generic.D7C2F               1.0.0.646
avast!                         Win32:Malware-gen                  2014.9-160624
AVG                            MSIL9                              2017.0.2702
Bitdefender                    Trojan.GenericKDZ.31791            1.0.20.880
Comodo Security                UnclassifiedMalware                23999
Dr.Web                         Trojan.DownLoader18.23009          9.0.1.0176
Emsisoft Anti-Malware          Trojan.GenericKDZ.31791            8.16.06.24.12
ESET NOD32                     MSIL/Injector.NEW (variant)        10.12907
Fortinet FortiGate             MSIL/Injector.NIQ!tr               6/24/2016
F-Secure                       Trojan.GenericKDZ.31791            11.2016-24-06_6
G Data                         Trojan.GenericKDZ.31791            16.6.25
IKARUS anti.virus              Trojan.MSIL.Injector               t3scan.1.9.5.0
K7 AntiVirus                   Trojan                             13.212.18499
Kaspersky                      Backdoor.Win32.Gbot                14.0.0.7
McAfee                         RDN/Generic.dx                     5600.6358
Microsoft Security Essentials  Trojan:Win32/Dynamer!ac            1.1.12400.0
MicroWorld eScan               Trojan.GenericKDZ.31791            17.0.0.528
NANO AntiVirus                 Trojan.Win32.DownLoader18.dzndyb   1.0.14.5380
nProtect                       Trojan.GenericKD.2969814           16.01.21.01
Panda Antivirus                Trj/CI.A                           16.06.24.12
Rising Antivirus               PE:Malware.Generic/QRS!1.9E2D [F]  23.00.65.16622
Sophos                         Mal/Generic-S                      4.98
Trend Micro                    TROJ_GEN.R00XC0DAA16               10.465.24
VIPRE Antivirus                Trojan.Win32.Generic               46668

File size:
727.6 KB (745,104 bytes)

Product version:
1.0.0.0

Original file name:
EscrowBypass.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\escrowbypass_signed.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/17/2013 2:00:00 AM

Valid to:
5/18/2015 1:59:59 AM

Subject:
CN=Image Line, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Image Line, L=sint-martens-latem, S=ovl, C=BE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2B325047A6100E8DF6FC891F0DC6757A

File PE Metadata
Compilation timestamp:
12/23/2015 1:53:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:5g110n5nfiX+9Sio8grCaH+nW9SLJ7WuKTwfMV4u6A:s05fieE6tJ5ypH

Entry address:
0x807DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
508 KB (520,192 bytes)

The file {blocked}.exe has been seen being distributed by the following URL.

Remove {blocked}.exe - Powered by Reason Core Security