cita11-05.exe

Project1

STAR* LABS

The executable cita11-05.exe has been detected as malware by 4 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from allsoft.org.ua.
Publisher:
STAR* LABS

Product:
Project1

Version:
1.00

MD5:
cc93907347d0dac783d0ead187e2d31b

SHA-1:
389fc06c4aa259e004064936eec07df7e7db2973

SHA-256:
7a0fbf34a70dd27811cad04cf299ae666197b32d4eb94dc9a46780d3c3ff81f8

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/26/2024 11:42:58 PM UTC

Scan engine                     Detection                               Engine version
avast!                          Win32:Malware-gen                       160518-2
ESET NOD32                      Win32/TrojanDownloader.VB.QXX trojan    8.0.319.0
F-Prot                          W32/VBTrojan.17D1                       4.6.5.141
Microsoft Security Essentials   Threat.Undefined                        1.223.2495.0

File size:
20 KB (20,480 bytes)

Product version:
1.00

Original file name:
Project1.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\cita11-05.exe

File PE Metadata
Compilation timestamp:
5/11/2016 3:37:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
96:/lxQzWmWxrrb6BTPDFTgLBxPupILzkVtMPZ/ODwqJdXaNDlDLNujOzII2:/Tcjc69PlqtuizWMPZysDFjII

Entry address:
0x1208

Entry point:
68, B8, 13, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, F3, 39, D0, 9B, 4F, F6, DC, 46, 80, 61, 1C, 97, 36, C6, BF, D0, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 6A, 70, 76, 69, 63, 5C, 44, 00, 00, 00, 00, FF, CC, 31, 00, 01, 6A, A0, 1B, 8C, 98, 68, 69, 4F, AB, 0B, FD, A5, DA, 2F, F5, 65, 58, 3D, AA, 96, 8A, 92, D2, 4D, 9C, 23, EA, A9, DF, A8, EE, A1, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
8 KB (8,192 bytes)

The file cita11-05.exe has been seen being distributed by the following URL.
