fapcf.pro v.2.0.exe

The executable fapcf.pro v.2.0.exe has been detected as malware by 25 anti-virus scanners. The file has been seen being downloaded from dc581.2shared.com.
Version:
0.0.0.0

MD5:
03f5b82700c05019fdda6a63a9735bac

SHA-1:
961dbb5f469f500c46ed5624fc06f01923c6ef15

SHA-256:
a0e76d428b6d8665c4790dd8cbd2c140f0bc329f47e0b20116eda539398209bc

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
12/26/2024 3:39:14 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.MSILDrop.8 | 242 |
| AegisLab AV Signature | Troj.W32.Gen.lu3N | 2.1.4+ |
| AhnLab V3 Security | Trojan/Win32.Generic | 2016.04.10 |
| Avira AntiVirus | TR/Dropper.MSIL.Gen | 8.3.3.4 |
| Arcabit | Trojan.MSILDrop.8 | 1.0.0.666 |
| avast! | MSIL:Agent-TE [Drp] | 2014.9-160607 |
| AVG | PSW.ILUSpy | 2017.0.2720 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.1667 |
| Bitdefender | Gen:Variant.MSILDrop.8 | 1.0.20.795 |
| Clam AntiVirus | Win.Trojan.Agent-1372739 | 0.98/21511 |
| Emsisoft Anti-Malware | Gen:Variant.MSILDrop | 8.16.06.07.05 |
| ESET NOD32 | MSIL/Injector.VJ (variant) | 10.13310 |
| Fortinet FortiGate | MSIL/Injector.VJ!tr | 6/7/2016 |
| F-Secure | Gen:Variant.MSILDrop.8 | 11.2016-07-06_3 |
| G Data | Gen:Variant.MSILDrop | 16.6.25 |
| IKARUS anti.virus | Trojan.MSIL.Spy | t3scan.2.0.9.0 |
| K7 AntiVirus | Trojan | 13.221.19261 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.94 |
| Malwarebytes | Backdoor.Agent.PGen | v2016.06.07.05 |
| Microsoft Security Essentials | VirTool:MSIL/Injector.EK | 1.1.12603.0 |
| MicroWorld eScan | Gen:Variant.MSILDrop.8 | 17.0.0.477 |
| NANO AntiVirus | Trojan.Win32.CFI.dbikwp | 1.0.18.7201 |
| Panda Antivirus | Trj/GdSda.A | 16.06.07.05 |
| Qihoo 360 Security | QVM03.0.Malware.Gen | 1.0.0.1120 |
| Trend Micro House Call | TROJ_INJECTOR_FB260047.UVPM | 7.2.159 |

File size:
420 KB (430,080 bytes)

Product version:
0.0.0.0

Original file name:
Filename.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\fapcf.pro v.2.0.exe

File PE Metadata
Compilation timestamp:
12/1/2015 11:37:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:KA2nVLuxPufEfwC/99ApToQ2Rf2222+i/WuP:K7V/fCnLF

Entry address:
0x852E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.5824

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
28 KB (28,672 bytes)

The file fapcf.pro v.2.0.exe has been seen being distributed by the following URL.
