china2015.exe

The executable china2015.exe has been detected as malware by 12 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from dc260.4shared.com and multiple other hosts.
MD5:
f4b87ec8ce4f38de0e3316d87dfbddd4

SHA-1:
fff01c0146c1f489c4332a92649f8ad57fbd7100

SHA-256:
5ec6576b12c3fb33803c1a12b854b5994ac2791b1363f19c3856b4f0055423d6

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/25/2024 6:59:22 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Malware/Win32.Generic
2015.12.16

Avira AntiVirus
TR/Agent.451360
8.3.2.4

Baidu Antivirus
Trojan.Win32.Generic
4.0.3.1617

G Data
Win32.Trojan.Agent.8G5RSP
16.1.25

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.854

McAfee
RDN/Generic.dx
5600.6528

NANO AntiVirus
Trojan.Win32.Agent.dyodlk
1.0.10.5081

Panda Antivirus
Trj/CI.A
16.01.07.02

Qihoo 360 Security
Win32/Trojan.e6d
1.0.0.1077

Quick Heal
Trojan.Generic.r5
1.16.14.00

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16105

VIPRE Antivirus
Trojan.Win32.Generic
45872

File size:
440.8 KB (451,360 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\china2015.exe

File PE Metadata
Compilation timestamp:
10/7/2014 1:40:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:G8dNXSEscmdG+vjuoLAaS3wL2QEY3SJAnxyVHZAoS11MqDdvVnQYCbebRdJBexAU:Fscm9+assbOASqXOPmBdREr3mBhQLt

Entry address:
0x30E2

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, 78, E4, 42, 00, E8, A8, 2D, 00, 00, A3, C4, E3, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 00, 88, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, C0, DB, 42, 00, E8, 52, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 40, 2A...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file china2015.exe has been seen being distributed by the following 16 URLs.

http://dc260.4shared.com/download/.../China_-_Brasfoot_2015.exe

http://dc501.4shared.com/download/.../china2015.exe

http://s8216.minhateca.com.br/File.aspx?e=zAdsto-ZD9dMaGGZvLZRpGzYjB3kWCE61S6kAKzHuaYmc5temR3Z_j-IZnLrfO2lwXapJj88Z24w_a5luMPiS4cDlv97SLgv0hGeY60qtXHiYPnK1h6BfQHaCd7uod-4gmwBdfJOaEATOe2KcEDJAQ&pv=2

http://dc582.4shared.com/download/.../china2015.exe

http://s8216.minhateca.com.br/File.aspx?e=zAdsto-ZD9dMaGGZvLZRpB_pLhEU6_mAiMBciSUzKW6ixgpTuX3QawaT4-UFAbRXdecF2_0lp2HSUnOG-lFqVB6EQ0wXZWTNHI623J2PtGCMyuSFbXq3IlgD5XVSn3djNcNS1jv_b-4Q4w0kWE8V6g&pv=2

http://s8216.minhateca.com.br/File.aspx?e=zAdsto-ZD9dMaGGZvLZRpGzYjB3kWCE61S6kAKzHuaa-ZTLeQfKNtYbFX8B3I9CU_Gs_mcoLDoJmqd1WhJXgy4uw2bzPprqg434fLd4pl8lawXmcLGemXNq2HTSgmC8N4-vycL3QYjFiAoXab8QpzA&pv=2

Remove china2015.exe - Powered by Reason Core Security