doc.exe

WindowsFormsApplication1

LUYARA FELIX DE ARAUJO 05168873359

The executable doc.exe has been detected as malware by 32 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from storage.googleapis.com.

Publisher:
LUYARA FELIX DE ARAUJO 05168873359  (signed and verified)

Product:
WindowsFormsApplication1

Version:
1.0.0.0

MD5:
a322074116707b7ba6bafc19eff23d97

SHA-1:
ece8c7c7e495c5b454f51c963f9178447a7d1d1c

SHA-256:
1d49df774dab3f2e6e40eb57da6b8d6272050890231a97e4291f018969681681

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/24/2025 11:58:27 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.2219261 | 361 |
| Agnitum Outpost | Trojan.DL.Banload | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Dynamer | 2015.08.19 |
| Avira AntiVirus | TR/Dldr.Agent.76808.1 | 8.3.1.6 |
| Arcabit | Trojan.Generic.D21DCFD | 1.0.0.425 |
| avast! | Win32:Banker-LTF [Trj] | 2014.9-160209 |
| AVG | Downloader.Banload2 | 2017.0.2839 |
| Baidu Antivirus | Trojan.Win32.Banload | 4.0.3.1629 |
| Bitdefender | Trojan.GenericKD.2219261 | 1.0.20.200 |
| Comodo Security | UnclassifiedMalware | 23042 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2219261 | 8.16.02.09.12 |
| ESET NOD32 | MSIL/Spy.Banker.CN (variant) | 10.12115 |
| Fortinet FortiGate | W32/Banload.CCX!tr.dldr | 2/9/2016 |
| F-Secure | Trojan.GenericKD.2219261 | 11.2016-09-02_3 |
| G Data | Trojan.GenericKD.2219261 | 16.2.25 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.9.5.0 |
| K7 AntiVirus | Riskware | 13.2016929 |
| Kaspersky | Trojan-Downloader.MSIL.Banload | 14.0.0.690 |
| Malwarebytes | Trojan.MSIL.Banker | v2016.02.09.12 |
| McAfee | RDN/Generic Downloader.x!my | 5600.6495 |
| MicroWorld eScan | Trojan.GenericKD.2219261 | 17.0.0.120 |
| NANO AntiVirus | Trojan.Win32.Banload.dpfzyh | 0.30.24.3079 |
| nProtect | Trojan-Downloader/W32.Agent.76808 | 15.08.18.01 |
| Panda Antivirus | Trj/CI.A | 16.02.09.12 |
| Quick Heal | TrojanDownloader.MSIL.r3 | 2.16.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.183CCACE!406637262 | 23.00.65.16207 |
| Sophos | Troj/MSIL-CCX | 4.98 |
| Trend Micro House Call | TROJ_BANLOAD.YWNFM | 7.2.40 |
| Trend Micro | TROJ_BANLOAD.YWNFM | 10.465.09 |
| Vba32 AntiVirus | TrojanDownloader.MSIL.Banload | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 43010 |
| Zillya! Antivirus | Downloader.Banload.Win32.60627 | 2.0.0.2358 |

File size:
75 KB (76,808 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
forte.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\doc.exe

Digital Signature

Authority:
GlobalSign nv-sa

Valid from:
11/10/2014 1:19:06 PM

Valid to:
11/11/2015 1:19:06 PM

Subject:
CN=LUYARA FELIX DE ARAUJO 05168873359, OU=TI, O=LUYARA FELIX DE ARAUJO 05168873359, L=Imperatriz, S=Maranhao, C=BR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D20CD8AF8CA0767E911EE22F03281F76

File PE Metadata

Compilation timestamp:
3/10/2015 9:28:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:w1YbkFSf0Iq5l+g7B4ajl4Y9F96Icw5KJY/ffnWOOdg7q3n+fQP:a6kFSf0I6l+qWajGCrgw5cY3fkdnsQ

Entry address:
0x42BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
9 KB (9,216 bytes)

The file doc.exe has been seen being distributed by the following URL.
