faturacaixa.rar.exe

The file faturacaixa.rar.exe has been flagged by 22 of 68 anti-malware scanners. The page records its status as potentially unwanted, but most of the named detections are generic trojan or trojan-downloader signatures (for example Trojan-Downloader.Win32.Genome, TR/VB.Downloader.Gen and W32/VB.ZIL!tr.dldr), so it should be treated as a downloader rather than as adware. It is a setup-style Win32 executable compiled with Visual Basic 5/6 whose double extension (.rar.exe) makes it look like a RAR archive in Explorer; the Brazilian Portuguese file name (fatura caixa, roughly "Caixa invoice") and the hosting domain (renovacaofatura, "invoice renewal") are both invoice-themed. The file has been seen being downloaded from ddee2026b3b2e9c3c02dd7d137fdf959.renovacaofatura.com. Note that the listed engine versions date mostly from early 2016, so the detection names reflect signatures of that era rather than the displayed analysis date.
Publisher:
Citywonk

Product:
ruby

Version:
1.00

MD5:
cc04791d520baa9af77a5a3ddb7afdbc

SHA-1:
9ef9d3132461e05a4751847a14978ea510190a2f

SHA-256:
b9147bfef0046b6ea7890b182c300faa336df861e557bc225b72d5bbd7cd409b

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 12:00:23 AM UTC

Scan engine             Detection                                     Engine version
Lavasoft Ad-Aware       Gen:Trojan.Heur.PT.cm0@bOcpARoG               334
Agnitum Outpost         Trojan.DL.Genome                              7.1.1
Avira AntiVirus         TR/VB.Downloader.Gen                          8.3.1.6
avast!                  Win32:Malware-gen                             2014.9-160306
AVG                     Generic36                                     2017.0.2812
Baidu Antivirus         Adware.Win32.Genome                           4.0.3.1636
Bitdefender             Gen:Trojan.Heur.PT.cm0@bOcpARoG               1.0.20.330
Emsisoft Anti-Malware   Gen:Trojan.Heur.PT.cm0@bOcpARoG               8.16.03.06.09
ESET NOD32              probably unknown NewHeur_PE                   10.11621
Fortinet FortiGate      W32/VB.ZIL!tr.dldr                            3/6/2016
F-Secure                Gen:Trojan.Heur.PT.cm0@bOcpARoG               11.2016-06-03_1
G Data                  Gen:Trojan.Heur.PT.cm0@bOcpARoG               16.3.25
IKARUS anti.virus       Trojan.SuspectCRC                             t3scan.1.8.9.0
K7 AntiVirus            Trojan                                        13.203.15900
Kaspersky               Trojan-Downloader.Win32.Genome                14.0.0.556
McAfee                  RDN/Downloader.a!vn                           5600.6468
MicroWorld eScan        Gen:Trojan.Heur.PT.cm0@bOcpARoG               17.0.0.198
Norman                  Suspicious_Gen2.WDHEG                         11.20160306
Panda Antivirus         Generic Suspicious                            16.03.06.09
Qihoo 360 Security      HEUR/QVM03.0.Malware.Gen                      1.0.0.1015
Rising Antivirus        PE:Trojan.Win32.Generic.18A06A58!413166168    23.00.65.16304
Trend Micro House Call  TROJ_GEN.R047H09E715                          7.2.66

File size:
32 KB (32,768 bytes)

Product version:
1.00

Original file name:
ruby.exe

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\users\{user}\downloads\faturacaixa.rar.exe

File PE Metadata
Compilation timestamp:
5/7/2015 8:12:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:FwBdIF4U1jLURFgbvOreJY+3Foi4Ggv1eM9YM6oUQ:FkdEt1USbvOre5VnJvM9YM6b

Entry address:
0x12BC

Entry point:
68, 10, 14, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, F3, D7, 88, F4, C8, FA, 1B, 44, B4, B9, E2, E1, EE, 73, B5, CE, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 56, 62, 72, 75, 62, 79, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 00, 36, E2, 22, 17, D6, 38, FF, 45, AF, F9, 6B, 3B, DB, B2, 3F, 4F, 5B, EF, E1, 0C, F2, 66, 66, 48, 90, 1B, 85, 4A, AC, EA, 0D, 5E, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
20 KB (20,480 bytes)
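As an added triage example (not code from the original page or from Reason Core Security), the following Python script applies the indicators above to a file offline: it compares the file's MD5/SHA-1/SHA-256 against the listed hashes, flags the .rar.exe double-extension trick, and parses the PE header fields the report shows (compile timestamp, linker and OS version, subsystem, entry point RVA and the first bytes at the entry point, checking for the push/call stub typical of VB5/6 binaries). Because the real sample is not reproduced here, build_sample_pe() constructs a minimal PE32 whose header values mirror the report; that stand-in, the assumption that the compile timestamp is UTC, and the EXECUTABLE_EXTS list are this example's own, and the entry-stub check is a heuristic, not proof that a file is a VB6 binary.

```python
"""Offline triage helper for the indicators listed above (added example, not
code from the original report or from Reason Core Security). IOC hashes and
header values are copied from the report; build_sample_pe() is a constructed
stand-in, not the real faturacaixa.rar.exe."""
import calendar
import hashlib
import struct
from datetime import datetime, timezone
from pathlib import PureWindowsPath

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "cc04791d520baa9af77a5a3ddb7afdbc",
    "sha1": "9ef9d3132461e05a4751847a14978ea510190a2f",
    "sha256": "b9147bfef0046b6ea7890b182c300faa336df861e557bc225b72d5bbd7cd409b",
}
# Assumed list of extensions Windows runs directly; used to spot "x.rar.exe" lures.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def hash_blob(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_ioc(data: bytes) -> bool:
    """True if any digest of data equals the corresponding hash from the report."""
    digests = hash_blob(data)
    return any(digests[k] == v for k, v in IOC_HASHES.items())


def disguised_extension(path: str) -> bool:
    """True for names like faturacaixa.rar.exe: a non-executable extension
    immediately followed by an executable one (Explorer hides the last one)."""
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    return (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] not in EXECUTABLE_EXTS)


def parse_pe(data: bytes) -> dict:
    """Extract the header fields the report lists (PE32 only, standard library only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor, code_size, _, _, entry_rva = struct.unpack_from(
        "<HBBIIII", data, opt)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Walk the section table to map the entry RVA to a file offset and read the stub.
    entry_bytes = b""
    for i in range(nsections):
        _, vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        if va <= entry_rva < va + max(vsize, rawsize):
            off = entry_rva - va + rawptr
            entry_bytes = data[off:off + 16]
            break
    return {
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "compiled": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "os_version": f"{os_major}.{os_minor}",
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "subsystem": {2: "Windows GUI", 3: "Windows CUI"}.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "code_size": code_size,
        "entry_bytes": entry_bytes,
        # VB5/6 binaries begin "push <VB header>; call ThunRTMain" (68 .. E8 ..); heuristic only.
        "vb_entry_stub": len(entry_bytes) >= 6 and entry_bytes[0] == 0x68 and entry_bytes[5] == 0xE8,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 whose header mirrors the report's values (not the real sample)."""
    ts = calendar.timegm((2015, 5, 7, 8, 12, 3))  # report timestamp, assumed UTC
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at offset 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 0xE0, 0x102)  # i386, 1 section
    opt = struct.pack("<HBB9I6H4I2H6I",
                      0x10B, 6, 0,                                    # PE32, linker 6.0
                      0x5000, 0, 0, 0x12BC, 0x1000, 0x6000, 0x400000, 0x1000, 0x200,
                      4, 0, 1, 0, 4, 0,                               # OS version 4.0
                      0, 0x7000, 0x200, 0, 2, 0,                      # subsystem 2 = GUI
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x5000, 0x1000, 0x5000, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + text).ljust(0x200, b"\0")
    body = bytearray(0x5000)
    body[0x2BC:0x2C6] = bytes.fromhex("68 10 14 40 00 E8 EE FF FF FF")  # entry stub from report
    return headers + bytes(body)


if __name__ == "__main__":
    sample = build_sample_pe()
    path = r"C:\users\{user}\downloads\faturacaixa.rar.exe"  # common path from the report
    print("known bad hash:", matches_ioc(sample), "| disguised extension:", disguised_extension(path))
    print(parse_pe(sample))
```

Against the constructed sample the hash check is false (only the real file matches), while the extension and entry-stub checks fire; on a suspect download, replace the sample with the file's bytes and treat a hash match as the conclusive signal and the other two as supporting evidence.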

The file faturacaixa.rar.exe has been seen being distributed from ddee2026b3b2e9c3c02dd7d137fdf959.renovacaofatura.com.

Remove faturacaixa.rar.exe - Powered by Reason Core Security