faturacaixa.rar.exe

NFL

The application faturacaixa.rar.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from a96e2aee4e8f3dfd1cb0686d484ab280.renovacaofatura.com and multiple other hosts.
Publisher:
NFL

Product:
nfl

Version:
1.00

MD5:
3c73fded5412eba157c286e2cc5ff7c0

SHA-1:
30c16f211c1b4e1a6538dedb526928250d5c70b9

SHA-256:
2717115f84b3f695baadf43d8e5b0a22f4f70e6c5a370489ea719293a23f025a

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:58:57 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.VBKrypt.12 | 318
Avira AntiVirus | TR/VB.Downloader.Gen | 8.3.1.6
Baidu Antivirus | Adware.Win32.Genome | 4.0.3.16322
Bitdefender | Gen:Variant.VBKrypt.12 | 1.0.20.410
Emsisoft Anti-Malware | Gen:Variant.VBKrypt.12 | 8.16.03.22.03
ESET NOD32 | probably unknown NewHeur_PE | 10.11685
Fortinet FortiGate | W32/VB.ZIL!tr.dldr | 3/22/2016
F-Secure | Gen:Variant.VBKrypt.12 | 11.2016-22-03_3
G Data | Gen:Variant.VBKrypt.12 | 16.3.25
Kaspersky | Trojan-Downloader.Win32.Genome | 14.0.0.477
McAfee | Artemis!3C73FDED5412 | 5600.6452
MicroWorld eScan | Gen:Variant.VBKrypt.12 | 17.0.0.246
Panda Antivirus | Trj/CI.A | 16.03.22.03
Sophos | Troj/VB-IPQ | 4.98
VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 40564

File size:
40 KB (40,960 bytes)

Product version:
1.00

Original file name:
nfl.exe

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\users\{user}\downloads\faturacaixa.rar.exe

File PE Metadata
Compilation timestamp:
5/19/2015 10:15:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:6vFbZD0w4PhQvixvlSyFN2J5VnJmM9YM6WV2t86c5QJ:k2bhQvixvlSyFN2v5JmSZ6B86mQJ

Entry address:
0x12FC

Entry point:
68, 78, 14, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 43, B8, EC, 31, B8, 1A, 4B, 4F, 9A, 7B, 24, C8, AF, D9, 8C, B9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 56, 62, 6E, 66, 6C, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 01, BD, 0A, 2C, F2, CC, 73, AB, 44, A3, 0A, 09, AB, 6F, 84, 45, D8, 99, 39, 38, E6, 55, AC, 71, 4E, 8E, 67, AB, 62, DD, 31, 3D, 51, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
20 KB (20,480 bytes)

The file faturacaixa.rar.exe has been seen being distributed by the following 2 URLs.
