cobranca-pdf456834625.exe

The executable cobranca-pdf456834625.exe has been detected as malware by 21 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.sanarcobrancas.ru and multiple other hosts.
Version:
0.0.0.0

MD5:
c587a3386a55dfd0df1ccd751b38d4c5

SHA-1:
392ec220a39c9d1e006c6c0f887905e166d7e942

SHA-256:
1ee3e22895e9356c97c94c63c68c3e1ebf8bb13aaf31a6d19194953755edfd11

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
11/27/2024 11:08:25 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Dropper.MSIL.243329 | 8.3.2.4
Arcabit | Trojan.Generic.D2D60FC | 1.0.0.646
avast! | Win32:Malware-gen | 2014.9-160209
AVG | Downloader.MSIL | 2017.0.2839
Baidu Antivirus | Trojan.MSIL.Agent | 4.0.3.1629
Bitdefender | Trojan.GenericKD.2973948 | 1.0.20.200
Emsisoft Anti-Malware | Trojan.GenericKD.2973948 | 8.16.02.09.09
ESET NOD32 | MSIL/TrojanDownloader.Agent.AHG (variant) | 10.12899
Fortinet FortiGate | MSIL/Agent.BGK!tr.dldr | 2/9/2016
F-Secure | Trojan.GenericKD.2973948 | 11.2016-09-02_3
G Data | Trojan.GenericKD.2973948 | 16.2.25
IKARUS anti.virus | Trojan-Downloader.MSIL.Agent | t3scan.1.9.5.0
K7 AntiVirus | Trojan-Downloader | 13.212.18485
McAfee | Artemis!C587A3386A55 | 5600.6495
MicroWorld eScan | Trojan.GenericKD.2973948 | 17.0.0.120
NANO AntiVirus | Trojan.Win32.Agent.dzqonz | 1.0.14.5380
nProtect | Trojan.GenericKD.2973948 | 16.01.20.01
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077
Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16207
Trend Micro | TROJ_GEN.R00JC0EAD16 | 10.465.09
VIPRE Antivirus | Trojan.Win32.Generic | 46640

File size:
548 KB (561,152 bytes)

Product version:
0.0.0.0

Original file name:
Loader-ZLUJEEULTL.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\cobranca-pdf456834625.exe

File PE Metadata
Compilation timestamp:
1/7/2016 2:48:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:rpLr7qpgIhk346/DjSEYoqqLSGGjGgGPvRGGNPG4GgGuMGGoGGE/o/dfGGTGGWav:dc2fnV+g/MtPxqRYbnUUPG69wC5gci

Entry address:
0x57D7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
344 KB (352,256 bytes)

The file cobranca-pdf456834625.exe has been seen being distributed by the following 2 URLs.

http://www.sanarcobrancas.ru/cobranca.php?cliente=d3g0FjSnuxfxWJ7VJTeezB0kP5kSUSJt-SESMT
