cobranca-pdf523230103.exe

The executable cobranca-pdf523230103.exe has been detected as malware by 23 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from forsegba.sslblindado.com.
Version:
0.0.0.0

MD5:
450e6db8b0019196b50514109c04d60c

SHA-1:
fa3b2fa628e881d1e61c5875ed261dde3981dd33

SHA-256:
45d88b4cb4f480b2bbb8b494ef2d98d57ee17d589d45a4beb625321fcdbd5a7f

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
12/27/2024 4:33:23 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.782732
342

Agnitum Outpost
Trojan.DL.Agent
7.1.1

Avira AntiVirus
TR/Dropper.MSIL.237777
8.3.2.4

Arcabit
Trojan.Kazy.DBF18C
1.0.0.637

avast!
Win32:Malware-gen
2014.9-160227

AVG
Downloader.MSIL
2017.0.2820

Baidu Antivirus
Trojan.MSIL.Agent
4.0.3.16227

Bitdefender
Gen:Variant.Kazy.782732
1.0.20.290

Comodo Security
UnclassifiedMalware
23830

Emsisoft Anti-Malware
Gen:Variant.Kazy.782732
8.16.02.27.04

ESET NOD32
MSIL/TrojanDownloader.Agent.BGQ (variant)
10.12765

Fortinet FortiGate
MSIL/Agent.BGK!tr.dldr
2/27/2016

F-Secure
Gen:Variant.Kazy.782732
11.2016-27-02_7

G Data
Gen:Variant.Kazy.782732
16.2.25

IKARUS anti.virus
Trojan-Downloader.MSIL.Agent
t3scan.1.9.5.0

K7 AntiVirus
Trojan-Downloader
13.212.18194

Malwarebytes
Trojan.Dropper.FSHRD
v2016.02.27.04

McAfee
Artemis!450E6DB8B001
5600.6476

MicroWorld eScan
Gen:Variant.Kazy.782732
17.0.0.174

NANO AntiVirus
Trojan.Win32.Agent.dzhbhj
1.0.14.5317

Panda Antivirus
Trj/GdSda.A
16.02.27.04

Trend Micro
TROJ_GEN.R02KC0ELM15
10.465.27

VIPRE Antivirus
Trojan.Win32.Generic
45948

File size:
652 KB (667,648 bytes)

Product version:
0.0.0.0

Original file name:
Loader-PWSQMPMTUD.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\cobranca-pdf523230103.exe

File PE Metadata
Compilation timestamp:
12/15/2015 10:30:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:UXhCsLPX9n14jAGGjGkGjrNGGRTGSGgGm0GGoGGe/oRRfGGTGG8GkmIioqGGsGGq:mDbN127ugRujBaG3U0qEW

Entry address:
0x559E6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
336 KB (344,064 bytes)

The file cobranca-pdf523230103.exe has been seen being distributed by the following URL.

Remove cobranca-pdf523230103.exe - Powered by Reason Core Security