components_app.exe

FDFDTTRT

The executable components_app.exe has been detected as malware by 23 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from ssl2632.websiteseguro.com and multiple other hosts.

Product:
FDFDTTRT

Description:
EERERERE

Version:
1.0.0.0

MD5:
1fee2d53b40986078b1d7e1e50086dc7

SHA-1:
0f1c7f83419a453b39783d6a9aebec95e24b89cc

SHA-256:
2b5b1d41b5ef500d8796c374edf99ecbd545fbc8eca50ca43a56fce51750af5f

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
11/15/2024 10:46:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.DL.Banload | 7.1.1 |
| Arcabit | Trojan.Kazy.D8757D | 1.0.0.582 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-160214 |
| AVG | Downloader.Banload2 | 2017.0.2834 |
| Baidu Antivirus | Trojan.MSIL.Banload | 4.0.3.16214 |
| Bitdefender | Gen:Variant.Kazy.554365 | 1.0.20.225 |
| Comodo Security | UnclassifiedMalware | 23429 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.554365 | 8.16.02.14.12 |
| ESET NOD32 | MSIL/TrojanDownloader.Banload.BW (variant) | 10.12421 |
| Fortinet FortiGate | MSIL/Banload.BW!tr.dldr | 2/14/2016 |
| F-Secure | Gen:Variant.Kazy.554365 | 11.2016-14-02_1 |
| G Data | Gen:Variant.Kazy.554365 | 16.2.25 |
| IKARUS anti.virus | Trojan-Downloader.MSIL.Banload | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan-Downloader | 13.211.17567 |
| McAfee | Artemis!1FEE2D53B409 | 5600.6490 |
| Microsoft Security Essentials | TrojanDownloader:MSIL/Banload | 1.1.12101.0 |
| MicroWorld eScan | Gen:Variant.Kazy.554365 | 17.0.0.135 |
| NANO AntiVirus | Trojan.Win32.Agent.dosool | 0.30.26.3947 |
| Panda Antivirus | Trj/Chgt.O | 16.02.14.12 |
| Quick Heal | TrojanDownloader.Banload.r3 | 2.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44602 |
| ViRobot | Trojan.Win32.A.Downloader.42496.NP[h] | 2014.3.20.0 |

File size:
41.5 KB (42,496 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
SBL84337436373.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\components_app.exe

File PE Metadata
Compilation timestamp:
2/9/2015 12:20:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:vEGNzPw6Qz6LXfqxZlJdI+p14cD1u6qKYdaBpuFF8tZ:vE16Qz6jfIlScD1uYYdaBpuwz

Entry address:
0xBBEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
39 KB (39,936 bytes)

The file components_app.exe has been seen being distributed by the following 2 URLs.
