cobranca-pdf1640896917.exe

The application cobranca-pdf1640896917.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.cobraqui.ru and multiple other hosts.
Version:
0.0.0.0

MD5:
a29b21c4327eeed00cfa5dffc739888f

SHA-1:
e20b2b3308faf23c2e4cf58b8bc702e0a92d4271

SHA-256:
c4296f3f592bdf1cc8e48f9d2f70484f5341007d9af6a9a7a8c01fb5db56b310

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 9:29:59 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Barys.2182 | 385
Avira AntiVirus | TR/Dropper.MSIL.190639 | 8.3.2.4
Baidu Antivirus | Trojan.Win32.Generik | 4.0.3.16115
Bitdefender | Gen:Variant.Adware.Barys.2182 | 1.0.20.75
Emsisoft Anti-Malware | Gen:Variant.Adware.Barys.2182 | 8.16.01.15.04
ESET NOD32 | Generik.NNSRMBN (variant) | 10.12798
F-Secure | Gen:Variant.Adware.Barys | 11.2016-15-01_6
G Data | Gen:Variant.Adware.Barys.2182 | 16.1.25
MicroWorld eScan | Gen:Variant.Adware.Barys.2182 | 17.0.0.45

File size:
540 KB (552,960 bytes)

Product version:
0.0.0.0

Original file name:
Loader-LNELLVVGSJ.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\cobranca-pdf1640896917.exe

File PE Metadata
Compilation timestamp:
12/20/2015 7:19:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:ZW4n1VaXA7ugRujBsYbnxUPGjvwC5vc5:x/pRuDUPGjIa

Entry address:
0x55DB6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
336 KB (344,064 bytes)

The file cobranca-pdf1640896917.exe has been seen being distributed by the following 6 URLs.

http://www.cobraqui.ru/index.php?boleto=Gv9ewSCwMMScUDkZQpf7vYMyYhGbr0ZM-JOSIPJ
