cobranca-pdf673715698.exe

The executable cobranca-pdf673715698.exe has been detected as malware by 20 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.bittencourtadvogados.ru and multiple other hosts.
Version:
0.0.0.0

MD5:
49d2eda6bb1be5465dfbb1fc2cf9c968

SHA-1:
1e495636f3260ff39f1155a9eededdcced460ba9

SHA-256:
81de478ffa0cb2f683342810ac255895893df2be76652a2a3cd955f8432f6dbd

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
11/15/2024 9:39:11 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Strictor.101116 | 382 |
| Arcabit | Trojan.Strictor.D18AFC | 1.0.0.629 |
| AVG | Downloader.MSIL | 2017.0.2860 |
| Baidu Antivirus | Trojan.MSIL.Agent | 4.0.3.16118 |
| Bitdefender | Gen:Variant.Strictor.101116 | 1.0.20.90 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.101116 | 8.16.01.18.12 |
| ESET NOD32 | MSIL/TrojanDownloader.Agent.BGK (variant) | 10.12733 |
| Fortinet FortiGate | MSIL/Agent.BGK!tr.dldr | 1/18/2016 |
| F-Secure | Gen:Variant.Strictor.101116 | 11.2016-18-01_2 |
| G Data | Gen:Variant.Strictor.101116 | 16.1.25 |
| IKARUS anti.virus | Trojan-Downloader.MSIL.Agent | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan-Downloader | 13.212.18130 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.797 |
| Malwarebytes | Trojan.Dropper.FSHRD | v2016.01.18.12 |
| McAfee | Artemis!49D2EDA6BB1B | 5600.6516 |
| MicroWorld eScan | Gen:Variant.Strictor.101116 | 17.0.0.54 |
| NANO AntiVirus | Trojan.Win32.Agent.dzdzte | 1.0.10.5081 |
| Panda Antivirus | Trj/GdSda.A | 16.01.18.12 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16116 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45884 |

File size:
652 KB (667,648 bytes)

Product version:
0.0.0.0

Original file name:
Loader-BIITERSMIH.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\cobranca-pdf673715698.exe

File PE Metadata
Compilation timestamp:
12/7/2015 9:37:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:RXh2sTPXHcVossOcbAGGjGkGjrNGGRTGSGgGm0GGoGGe/oRRfGGTGG8GkmIioqGs:3XD8hsOcb7ugRujByG3U0qEW

Entry address:
0x559EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
336 KB (344,064 bytes)

The file cobranca-pdf673715698.exe has been seen being distributed by the following 2 URLs.
