complexradio.scr

Suspect Scrapping

MapInfo Corporation

complexradio.scr is set to start automatically whenever the user logs into Windows: a value named ‘Locky’ in the current-user Run registry key points at the file. The file has been seen being downloaded from accounting.bitdefenderdistributor.net, a domain that borrows a security vendor's name.
Publisher:
MapInfo Corporation

Product:
Suspect Scrapping

Description:
Separatist

Version:
128, 149, 58, 91

MD5:
80f3d2fbde0576a56adb27246df42564

SHA-1:
754517e5cf60a9ee78ef8b001ea5c74f0a1a8b71

SHA-256:
f8892b86dc8276633a660801d73e0d3a3d8b1dc2cedbfa54ee8b8af3efc1e75f
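To check a file against the indicators above, the hashes and the reported size should be compared in one streaming pass so that a large sample is read only once. The following is an added example (not code from the original report); the indicator values are copied from the fields above and the file size from the report's "File size" field, and the test inputs it hashes are constructed.

```python
"""Compute MD5, SHA-1 and SHA-256 of a file in one pass and compare them
with the indicators this report lists for complexradio.scr.
Added example, not part of the original report."""
import hashlib
import io
from typing import BinaryIO

# Indicators copied from the report (hashes above, size from "File size").
IOC = {
    "md5": "80f3d2fbde0576a56adb27246df42564",
    "sha1": "754517e5cf60a9ee78ef8b001ea5c74f0a1a8b71",
    "sha256": "f8892b86dc8276633a660801d73e0d3a3d8b1dc2cedbfa54ee8b8af3efc1e75f",
    "size": 184320,
}


def digest_stream(fp: BinaryIO, chunk_size: int = 1 << 16) -> dict:
    """Feed every chunk to all three digests so the file is read once."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    size = 0
    for chunk in iter(lambda: fp.read(chunk_size), b""):
        size += len(chunk)
        for d in digests.values():
            d.update(chunk)
    result = {name: d.hexdigest() for name, d in digests.items()}
    result["size"] = size
    return result


def digest_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (constructed test input)."""
    return digest_stream(io.BytesIO(data))


def match_ioc(observed: dict, ioc: dict = IOC) -> dict:
    """Which indicators matched; hex digests are compared case-insensitively."""
    matches = {}
    for key, expected in ioc.items():
        got = observed.get(key)
        if isinstance(expected, str):
            matches[key] = isinstance(got, str) and got.lower() == expected.lower()
        else:
            matches[key] = got == expected
    return matches


def verdict(matches: dict) -> str:
    """SHA-256 decides; MD5/SHA-1 alone are only a hint (both are
    collision-prone), and size alone is never a match."""
    if matches["sha256"]:
        return "match: identical to the reported sample"
    if matches["md5"] or matches["sha1"]:
        return "partial: weak-hash match without SHA-256, verify manually"
    return "no match"


def check_file(path: str) -> str:
    with open(path, "rb") as fp:
        return verdict(match_ioc(digest_stream(fp)))


if __name__ == "__main__":
    import sys
    print(check_file(sys.argv[1]))
```

Run it as `python check_ioc.py <file>`; a SHA-256 match is conclusive for identity with this sample, while an MD5 or SHA-1 match on its own should be confirmed before acting on it.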

Scanner detections:
4 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
12/26/2024 2:49:48 PM UTC

Scan engine           Detection                                Engine version
Bkav FE               HW32.Packed                              1.3.0.7717
Kaspersky             UDS:DangerousObject.Multi.Generic        14.0.0.582
Qihoo 360 Security    HEUR/QVM07.1.Malware.Gen                 1.0.0.1120
Rising Antivirus      PE:Malware.XPACK-HIE/Heur!1.9C48 [F]     23.00.65.16228

File size:
180 KB (184,320 bytes)

Product version:
70, 73, 175, 185

Copyright:
Copyright © 2014

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\complexradio.scr

File PE Metadata
Compilation timestamp:
1/19/2005 5:13:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:fZRIfUEXXg1zxQ3H9RbEon02jujfzl/OibSsIXHebB5500Q3vzElSEepLPg5ArJH:RmfU+w1zxqbEonl0tJbwXHebBs0Q3vBP

Entry address:
0x1FC42

Entry point:
55, 8B, EC, 6A, FF, 68, 48, 01, 42, 00, 68, D0, FD, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 7C, FD, 41, 00, 59, 83, 0D, 84, FD, 43, 00, FF, 83, 0D, 88, FD, 43, 00, FF, FF, 15, 8C, FC, 41, 00, 8B, 0D, 92, FC, 41, 00, 89, 08, FF, 15, 9A, FC, 41, 00, 8B, 0D, A0, FC, 41, 00, 89, 08, A1, 1C, 01, 42, 00, 8B, 00, A3, 8C, FD, 43, 00, E8, 10, 01, 00, 00, 39, 1D, 60, 2D, 42, 00, 75, 0C, 68, BE, FD, 41, 00, FF, 15, 18, 01...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
124 KB (126,976 bytes)
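The metadata above comes straight from the COFF and optional headers, and the entry-point bytes are the well-known MSVC 6.0 CRT startup prologue (push ebp / mov ebp,esp / push -1 / push handler / push scope table / mov eax,fs:[0] ...), which is how the "Developed / compiled with" line is usually derived. The following is an added example, not code from the original report: it builds a constructed, non-runnable PE32 header populated with the report's values, parses those fields back out, checks the entry bytes against the MSVC 6 signature, and flags the compile timestamp (2005) as implausible next to the version resource's copyright year (2014). The image base 0x400000 is an assumption, chosen because it is consistent with the 0x41xxxx/0x42xxxx operands in the entry-point bytes.

```python
"""Parse the 'File PE Metadata' fields from a PE32 header and apply two
triage heuristics.  Added example, not part of the original page;
build_sample_pe() returns a constructed minimal header, not the real file."""
import calendar
import struct
from datetime import datetime, timezone

IMAGE_SUBSYSTEM = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
IMAGE_BASE = 0x400000   # assumed; fits the operands seen in the entry bytes


def build_sample_pe() -> bytes:
    """Constructed PE32 header (DOS stub, PE signature, COFF header,
    optional header).  Only the fields the report shows carry real values."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    ts = calendar.timegm((2005, 1, 19, 5, 13, 7))   # 1/19/2005 5:13:07 UTC
    coff = struct.pack("<HHIIIHH",
                       0x14C,       # IMAGE_FILE_MACHINE_I386
                       3, ts, 0, 0,
                       0xE0,        # SizeOfOptionalHeader for PE32
                       0x010F)      # executable, 32-bit image
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH",
                      0x10B,        # Magic: PE32 -> "Win32"
                      6, 0,         # Major/MinorLinkerVersion -> "6.0"
                      0x1F000,      # SizeOfCode = 126,976 bytes
                      0, 0,         # initialised / uninitialised data (filler)
                      0x1FC42,      # AddressOfEntryPoint (RVA)
                      0x1000, 0x20000, IMAGE_BASE, 0x1000, 0x200,
                      4, 0,         # Major/MinorOperatingSystemVersion -> "4.0"
                      0, 0, 4, 0,   # image / subsystem versions (filler)
                      0, 0x30000, 0x400, 0,   # Win32Version, SizeOfImage, SizeOfHeaders, CheckSum
                      2,            # IMAGE_SUBSYSTEM_WINDOWS_GUI
                      0)            # DllCharacteristics
    opt += b"\0" * (0xE0 - len(opt))
    return dos + b"PE\0\0" + coff + opt


def parse_pe_header(data: bytes) -> dict:
    """Read the fields the report lists, at their PE/COFF spec offsets."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    timestamp = struct.unpack_from("<I", data, coff + 4)[0]
    opt = coff + 20
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    when = datetime.fromtimestamp(timestamp, timezone.utc)
    return {
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "compile_time": when.strftime("%Y-%m-%d %H:%M:%S"),
        "linker": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": IMAGE_SUBSYSTEM.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_va": image_base + entry_rva,
        "code_size": size_of_code,
    }


# First 38 bytes of the report's "Entry point" field.
ENTRY_BYTES = bytes.fromhex(
    "558BEC6AFF684801420068D0FD410064A1000000005064892500000000"
    "83EC685356578965E8")

# Widely used MSVC 6.0 entry-point signature (CRT startup SEH frame setup);
# None is a wildcard byte (addresses and the stack-frame size).
MSVC6_CRT_SIG = ([0x55, 0x8B, 0xEC, 0x6A, 0xFF, 0x68] + [None] * 4 + [0x68] + [None] * 4
                 + [0x64, 0xA1, 0, 0, 0, 0, 0x50, 0x64, 0x89, 0x25, 0, 0, 0, 0, 0x83, 0xEC, None]
                 + [0x53, 0x56, 0x57, 0x89, 0x65, 0xE8])


def matches_signature(code: bytes, sig=MSVC6_CRT_SIG) -> bool:
    return len(code) >= len(sig) and all(s is None or b == s for b, s in zip(code, sig))


def timestamp_anomalies(info: dict, copyright_year: int) -> list:
    """Triage hints only: both the timestamp and the version resource are
    attacker-controlled, so a mismatch is a lead, not proof."""
    year = int(info["compile_time"][:4])
    hints = []
    if year < copyright_year:
        hints.append(f"compile year {year} predates version-resource copyright {copyright_year}")
    return hints


if __name__ == "__main__":
    meta = parse_pe_header(build_sample_pe())
    print(meta, matches_signature(ENTRY_BYTES), timestamp_anomalies(meta, 2014))
```

The same parser works on a real file by passing `open(path, "rb").read()` to `parse_pe_header`; the entry-point bytes would then be read from the section containing `entry_rva` rather than from the report.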

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Locky

Command:
C:\users\{user}\appdata\local\temp\complexradio.scr
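A persistence hunt for this entry only needs the Run key's values and a few rules: a value name matching the reported indicator, an executable launched from the user's temp directory, and a screensaver (.scr) used as an autorun binary. The following is an added example, not code from the original report. It parses the text output of `reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` (so it can be run offline against output collected from a host) and, on Windows, can read the key directly through `winreg`; the sample `reg query` output it ships with is constructed.

```python
"""Flag HKCU Run values that look like the persistence this report
describes.  Added example, not part of the original report; the sample
reg query output is constructed."""
import re

RUN_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed output of: reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Locky    REG_SZ    C:\users\alice\appdata\local\temp\complexradio.scr
"""

# reg query prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
_ENTRY = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
_TEMP_DIRS = re.compile(r"\\appdata\\local\\temp\\|\\windows\\temp\\|%temp%", re.I)
KNOWN_NAMES = {"locky"}   # value name reported above


def parse_reg_query(text: str) -> list:
    """(name, type, data) for every value line in reg query output."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m:
            entries.append((m["name"], m["type"], m["data"]))
    return entries


def read_live_run_key() -> list:
    """Windows only: same tuples as parse_reg_query, read via winreg."""
    import winreg
    entries = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_SUBKEY) as key:
        index = 0
        while True:
            try:
                name, data, typ = winreg.EnumValue(key, index)
            except OSError:          # no more values
                return entries
            entries.append((name, "REG_SZ" if typ == winreg.REG_SZ else str(typ), str(data)))
            index += 1


def executable_path(command: str) -> str:
    """Strip quotes and trailing arguments to isolate the launched program."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def assess(name: str, command: str) -> list:
    """Reasons an entry resembles the reported persistence (empty = benign)."""
    exe = executable_path(command)
    reasons = []
    if name.lower() in KNOWN_NAMES:
        reasons.append("value name matches a reported indicator")
    if _TEMP_DIRS.search(exe):
        reasons.append("launches from a temp directory")
    if exe.lower().endswith(".scr"):
        reasons.append("screensaver (.scr) used as an autorun executable")
    return reasons


def suspicious_entries(entries: list) -> list:
    """(name, executable, reasons) for every flagged Run value."""
    flagged = []
    for name, _, data in entries:
        reasons = assess(name, data)
        if reasons:
            flagged.append((name, executable_path(data), reasons))
    return flagged


if __name__ == "__main__":
    for hit in suspicious_entries(parse_reg_query(SAMPLE_REG_OUTPUT)):
        print(hit)
```

On a live host, `suspicious_entries(read_live_run_key())` gives the same result without going through `reg.exe`; the temp-directory and .scr rules will also catch renamed copies of the sample that keep the same launch location.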


The file complexradio.scr has been seen being distributed from the domain noted above, accounting.bitdefenderdistributor.net.

Scan complexradio.scr - Powered by Reason Core Security