cobranca-pdf523230103.exe

The executable cobranca-pdf523230103.exe has been detected as malware by 23 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from forsegba.sslblindado.com.
Version:
0.0.0.0

MD5:
450e6db8b0019196b50514109c04d60c

SHA-1:
fa3b2fa628e881d1e61c5875ed261dde3981dd33

SHA-256:
45d88b4cb4f480b2bbb8b494ef2d98d57ee17d589d45a4beb625321fcdbd5a7f

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
11/14/2024 9:06:37 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.782732 | 342 |
| Agnitum Outpost | Trojan.DL.Agent | 7.1.1 |
| Avira AntiVirus | TR/Dropper.MSIL.237777 | 8.3.2.4 |
| Arcabit | Trojan.Kazy.DBF18C | 1.0.0.637 |
| avast! | Win32:Malware-gen | 2014.9-160227 |
| AVG | Downloader.MSIL | 2017.0.2820 |
| Baidu Antivirus | Trojan.MSIL.Agent | 4.0.3.16227 |
| Bitdefender | Gen:Variant.Kazy.782732 | 1.0.20.290 |
| Comodo Security | UnclassifiedMalware | 23830 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.782732 | 8.16.02.27.04 |
| ESET NOD32 | MSIL/TrojanDownloader.Agent.BGQ (variant) | 10.12765 |
| Fortinet FortiGate | MSIL/Agent.BGK!tr.dldr | 2/27/2016 |
| F-Secure | Gen:Variant.Kazy.782732 | 11.2016-27-02_7 |
| G Data | Gen:Variant.Kazy.782732 | 16.2.25 |
| IKARUS anti.virus | Trojan-Downloader.MSIL.Agent | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan-Downloader | 13.212.18194 |
| Malwarebytes | Trojan.Dropper.FSHRD | v2016.02.27.04 |
| McAfee | Artemis!450E6DB8B001 | 5600.6476 |
| MicroWorld eScan | Gen:Variant.Kazy.782732 | 17.0.0.174 |
| NANO AntiVirus | Trojan.Win32.Agent.dzhbhj | 1.0.14.5317 |
| Panda Antivirus | Trj/GdSda.A | 16.02.27.04 |
| Trend Micro | TROJ_GEN.R02KC0ELM15 | 10.465.27 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45948 |

File size:
652 KB (667,648 bytes)

Product version:
0.0.0.0

Original file name:
Loader-PWSQMPMTUD.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\cobranca-pdf523230103.exe

File PE Metadata
Compilation timestamp:
12/15/2015 10:30:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:UXhCsLPX9n14jAGGjGkGjrNGGRTGSGgGm0GGoGGe/oRRfGGTGG8GkmIioqGGsGGq:mDbN127ugRujBaG3U0qEW

Entry address:
0x559E6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
336 KB (344,064 bytes)

The file cobranca-pdf523230103.exe has been seen being distributed by the following URL.
