engenhariatm.com

JAKSON SANTOS DIAS

Domain Information

The domain engenhariatm.com, registered by JAKSON SANTOS DIAS, was first registered in September 2015 through UNIVERSO ONLINE S/A (UOL). This domain is currently known to host various forms of malware. The hosting servers are located in Phoenix, Arizona, United States, on the CloudFlare, Inc. network. The domain uses the CloudFlare CDN, a distributed domain name service that fronts the origin through a number of reverse proxy IP addresses (see below).
Registrar:
UNIVERSO ONLINE S/A (UOL)

Server location:
Arizona, United States (US)

Create date:
Monday, September 14, 2015

Expires date:
Wednesday, September 14, 2016

Updated date:
Monday, January 11, 2016

ASN:
AS13335 CLOUDFLARENET - CloudFlare, Inc.,US

Scanner detections:
Malware distribution  (60% detected)

Scan engine
Details
Detections

Emsisoft Anti-Malware
Gen:Variant.Kazy.740924, Trojan.GenericKD.2824808, Gen:Variant.Graftor.254336, Gen:Variant.Zusy.175672, Gen:Variant.MSILPerseus.8820, Gen:Variant.MSILPerseus.6528, Gen:Variant.Kazy.717227, Gen:Trojan.Heur2.CTR.2jG4@aGxKmSei, Gen:Variant.Kazy.763549, Gen:Variant.Kazy.601782, Gen:Variant.Zusy.176911
69.39%

AVG
Generic14_c, Win32/Blacked, Win32/Blacked.dropper, Win32/Ramnit.A, Generic31, Atros3
53.06%

MicroWorld eScan
Gen:Variant.Kazy.740924, Trojan.GenericKD.2824808, Gen:Variant.Graftor.254336, Gen:Variant.Kazy.763408, Trojan.GenericKD.2838308, Gen:Variant.Symmi.59837, Gen:Variant.Zusy.176911, Gen:Variant.Kazy.638297, Gen:Variant.Kazy.717227, Trojan.GenericKD.2817633, Gen:Variant.MSILPerseus.6528
38.78%

Bitdefender
Gen:Variant.Kazy.740924, Trojan.GenericKD.2824808, Gen:Variant.Graftor.254336, Gen:Variant.Kazy.763408, Trojan.GenericKD.2838308
38.78%

Arcabit
Trojan.Kazy.DB4E3C, Trojan.Generic.D2B1A68, Trojan.Graftor.D3E180, Trojan.Kazy.DBA610, Trojan.Generic.D2B4F24, Trojan.Symmi.DE9BD
38.78%

G Data
Gen:Variant.Kazy.740924, Trojan.GenericKD.2824808, Gen:Variant.Graftor.254336, Gen:Variant.Kazy.763408, Trojan.GenericKD.2838308
38.78%

F-Secure
Trojan.GenericKD.2824808, Gen:Variant.Graftor.254336, Gen:Variant.Kazy.763408, Trojan.GenericKD.2838308, Gen:Variant.Symmi.59837
36.73%

Norman
Gen:Variant.Kazy.740924, Gen:Variant.Zusy.175672, Gen:Variant.MSILPerseus.8820, Win32.Ramnit, Gen:Variant.MSILPerseus.6528, Gen:Variant.Razy.6911
30.61%

Lavasoft Ad-Aware
Trojan.GenericKD.2824808, Gen:Variant.Graftor.254336, Gen:Variant.Kazy.763408, Trojan.GenericKD.2838308, Gen:Variant.Symmi.59837
30.61%

Avira AntiVirus
TR/Inject.967680, TR/Graftor.1483264.1, TR/Graftor.1429504.32, TR/Inject.942592, TR/Crypt.TPM.Gen, W32/Ramnit.C, TR/Kazy.152576.8
26.53%

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen, HEUR/QVM17.0.Malware.Gen, Win32/Trojan.9ea, Win32/Trojan.749, HEUR/QVM11.1.Malware.Gen, HEUR/QVM36.0.Malware.Gen
26.53%

McAfee
Artemis!331C194FEE80, Artemis!8F530337C6DB, Artemis!DC10FA96FA79, Artemis!CDF67E3134C3, Virus.W32/Ramnit.a, Artemis!5510C3FF3CBE
22.45%

avast!
Win32:Malware-gen, Win32:Dropper-gen [Drp], Win32:RmnDrp
22.45%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4726519, Trojan.Win32.Generic.pak!cobra
20.41%

Rising Antivirus
PE:Malware.RDM.40!5.2E[F1], PE:Malware.Generic/QRS!1.9E2D [F], PE:Malware.Generic(Thunder)!1.A1C4 [F], PE:Trojan.Confuser!1.A352 [F]
18.37%

The domain engenhariatm.com has been seen to resolve to the following 2 IP addresses.

February 4, 2016

February 4, 2016

File downloads found at URLs served by engenhariatm.com.


URL:
http://engenhariatm.com/

SSL certificate subject:
CN=sni64934.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
cloudflare-nginx