dobre-suas-vendas-em-8-semanas.pdf.exe

TODO:

TODO: <Company name>

The executable dobre-suas-vendas-em-8-semanas.pdf.exe, “TODO: <File description>” has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from demo.ovh.eu.
Publisher:
TODO:

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.0.0.1

MD5:
8ba1ed8e25a30453347f491cc1930ea6

SHA-1:
8df9a5ecece00d9e9b77d1c005bb9f5f13914fef

SHA-256:
bb49dbcf60b01cd93822be201845931e114c14849a451c5f984a3501a14aee06

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/16/2024 10:51:32 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Malware-gen | 160216-0 |
| Dr.Web | Trojan.DownLoader19.10013 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Razy.15501 | 10.0.0.5366 |
| ESET NOD32 | Win32/Injector.CQTN trojan | 8.0.319.0 |
| McAfee | Trojan.Artemis!8BA1ED8E25A3 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.7034.0 |
| Norman | Gen:Variant.Razy.15501 | 17.02.2016 05:18:35 |

File size:
400.8 KB (410,391 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2016

Original file name:
edzeufhziuehfize.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\downloads\dobre-suas-vendas-em-8-semanas.pdf.exe

File PE Metadata
Compilation timestamp:
1/22/2016 5:27:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:pE5rP0yp/csv37ZYMcnb7j5O6bPuSWLcOHsQJ:pM0G37UbLWSwLMQJ

Entry address:
0xBD21

Entry point:
E8, 8D, 20, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, 38, 63, 41, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, D0, 57, 41, 00, 33, C5, 89, 45, FC, 53, 8B, 5D, 08, 57, 83, FB, FF, 74, 07, 53, E8, EF, 20, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, F9, 20, 00, 00, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8...
 

Code size:
65.5 KB (67,072 bytes)

The file dobre-suas-vendas-em-8-semanas.pdf.exe has been seen being distributed by the following URL.
