evolution.exe

Evolution

DEV @

The executable evolution.exe has been detected as malware by 21 anti-virus scanners. The file has been seen being downloaded from download17.mediafire.com and multiple other hosts.
Publisher: DEV @
Product: Evolution
Version: 1.1.0.0
MD5: 8a26b52afa7b0531545fdf4d14261f0d
SHA-1: dd37dc56881a8036732eee09c5277a881cc2d784
SHA-256: c7efa2b67181358131c1aa6c2adc27edc56260d43339c166e4eb5d251345eead
Scanner detections: 21 / 68
Status: Malware
Analysis date: 11/27/2024 1:56:03 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11533632 | 733 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.205.68 |
| Bitdefender | Trojan.Generic.11533632 | 1.0.20.160 |
| Comodo Security | UnclassifiedMalware | 20852 |
| Emsisoft Anti-Malware | Trojan.Generic.11533632 | 8.15.02.01.09 |
| Fortinet FortiGate | W32/Generic!tr | 2/1/2015 |
| F-Secure | Trojan.Generic.11533632 | 11.2015-01-02_1 |
| G Data | Trojan.Generic.11533632 | 15.2.25 |
| IKARUS anti.virus | Trojan.Dropper | t3scan.1.8.6.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2551 |
| McAfee | RDN/Generic Dropper!vc | 5600.6867 |
| MicroWorld eScan | Trojan.Generic.11533632 | 16.0.0.96 |
| NANO AntiVirus | Trojan.Win32.XPRH8925.dftwwg | 0.30.0.64812 |
| Norman | Suspicious_Gen4.GWUSF | 11.20150201 |
| nProtect | Trojan.Generic.11533632 | 15.01.26.01 |
| Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Generic.r3 | 2.15.14.00 |
| Trend Micro House Call | TROJ_GEN.R0C1C0EI814 | 7.2.32 |
| Trend Micro | TROJ_GEN.R0C1C0EI814 | 10.465.01 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36998 |
| ViRobot | Trojan.Win32.S.Agent.946704[h] | 2014.3.20.0 |

File size: 924.5 KB (946,704 bytes)
Product version: 1.1.0.0
Copyright: Copyright © 2014
Original file name: 93801225.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral

File PE Metadata

Compilation timestamp: 7/14/2014 6:51:19 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
.NET CLR dependent: Yes
CTPH (ssdeep): 12288:AdXjpni3YJjZt9BMHlRtO6V9ScGSGERlFgXqRMPl3pJsEyRmIpBEUcM9+u:AdFJjZXIRL9HYwlWXqckDEvu
Entry address: 0x8DDFE
Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy: 7.2137
Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 560 KB (573,440 bytes)

The file evolution.exe has been seen being distributed by the following 20 URLs.

http://download17.mediafire.com/dbacga9dgpgg/.../Evolution.exe

http://download1271.mediafire.com/ig7389gx0rfg/.../Evolution.exe

http://download3.mediafire.com/ff9gpdeea3ag/.../Evolution.exe

http://download2113.mediafire.com/nfw5pgnzi8sg/.../Evolution.exe

http://download1297.mediafire.com/y31ijyicb27g/.../Evolution.exe
