default file.exe

Client

The executable default file.exe has been detected as malware by 21 anti-virus scanners. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Default Key’.
Publisher:
Microsoft*  (Invalid match)

Product:
Client

Version:
1.0.0.0

MD5:
dd3f54792d1b3f89ac4946334b2647bd

SHA-1:
1545aaf3d40d6908612ade6b1ec3120ed1a28c53

SHA-256:
ae51bdbdc78e70fb86516f295a6f2c19bcfcb5ee12da979526d0d0ccf4927238

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
12/25/2024 3:58:26 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2043893
379

Avira AntiVirus
TR/Dropper.MSIL.Gen
7.11.198.100

avast!
MSIL:GenMalicious-CI [Trj]
2014.9-160122

AVG
MSIL6
2017.0.2857

Bitdefender
Trojan.GenericKD.2043893
1.0.20.110

Emsisoft Anti-Malware
Trojan.GenericKD.2043893
8.16.01.22.04

ESET NOD32
Generik.NMJDBXE (variant)
10.10937

Fortinet FortiGate
W32/Generic!tr
1/22/2016

F-Secure
Trojan.GenericKD.2043893
11.2016-22-01_6

G Data
Trojan.GenericKD.2043893
16.1.24

IKARUS anti.virus
Trojan.Dropper
t3scan.1.8.5.0

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.779

McAfee
RDN/Generic.dx!dhr
5600.6513

MicroWorld eScan
Trojan.GenericKD.2043893
17.0.0.66

Norman
Kryptik.CEDA
11.20160122

nProtect
Trojan.GenericKD.2043893
14.12.26.01

Panda Antivirus
Trj/CI.A
16.01.22.04

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_GEN.R047H07LM14
7.2.22

VIPRE Antivirus
Trojan.Win32.Generic
36178

File size:
342 KB (350,208 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2013

Original file name:
WhatsappInstalador.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\default folder\default file.exe

File PE Metadata
Compilation timestamp:
12/21/2014 2:13:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:/0t0JIzZgmDErnIuwVEf0TSDZ4RTRh1nBLI4R9ACugx4Yctl:hmEjIF2+RT5BLfR9AZoI

Entry address:
0x56ADE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
339 KB (347,136 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Default Key

Command:
C:\users\{user}\appdata\local\default folder\default file.exe


The file default file.exe has been seen being distributed by the following URL.

Remove default file.exe - Powered by Reason Core Security