freescan_2012.exe

The executable freescan_2012.exe has been detected as malware by 32 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from server45.televisionhunter.uni.me.

MD5:
26e35b6415a950008a2bfad95e04aba6

SHA-1:
4b865165b3b593febffd403f40a89796194b2e63

SHA-256:
32f6e636b72054a0de65706c696b234e65220c2376aeb17f5729ddd9a9a8bb7b

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
11/27/2024 2:29:31 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | FraudTool.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.FakeAV | 2013.08.10 |
| Avira AntiVirus | TR/Winwebsec.aiog | 7.11.96.50 |
| avast! | Win32:MalOb-GF [Cryp] | 2014.9-160801 |
| AVG | FakeAV | 2017.0.2665 |
| Bitdefender | Trojan.Zygug.Gen.1 | 1.0.20.1070 |
| Comodo Security | TrojWare.Win32.Kryptik.ABTP | 16739 |
| Dr.Web | Trojan.KillProc.14812 | 9.0.1.0214 |
| Emsisoft Anti-Malware | Trojan.Zygug.Gen | 8.16.08.01.08 |
| ESET NOD32 | Win32/Kryptik.ABRB (variant) | 10.8669 |
| Fortinet FortiGate | W32/FakeAV.DEE!tr | 8/1/2016 |
| F-Prot | W32/FakeAlert.TN.gen | v6.4.7.1.166 |
| F-Secure | Trojan.Zygug.Gen.1 | 11.2016-01-08_2 |
| G Data | Trojan.Zygug.Gen | 16.8.22 |
| IKARUS anti.virus | Virus.Win32.Cryptor | t3scan.2.0.127 |
| K7 AntiVirus | Trojan | 13.170.9241 |
| Kaspersky | Trojan-FakeAV.Win32.Agent | 14.0.0.-182 |
| Malwarebytes | Trojan.FakeAlert | v2016.08.01.08 |
| McAfee | FakeAlert-SecurityTool.bt | 5600.6321 |
| Microsoft Security Essentials | Rogue:Win32/Winwebsec | 1.163.1557.0 |
| MicroWorld eScan | Trojan.Zygug.Gen.1 | 17.0.0.642 |
| NANO AntiVirus | Trojan.Win32.Fakeav.kwqwu | 0.26.0.53954 |
| Norman | FakeAV.AVDV | 11.20160801 |
| nProtect | Trojan.Zygug.Gen.1 | 13.08.09.03 |
| Panda Antivirus | Trj/Resdec.c | 16.08.01.08 |
| Quick Heal | FraudTool.Security | 8.16.12.00 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Frauder | 8986 |
| Trend Micro House Call | TROJ_FAKEAV.SMFT | 7.2.214 |
| Trend Micro | TROJ_GEN.RCBOCI9 | 10.465.01 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.FakeAV.1241 | 3.12.22.3 |
| VIPRE Antivirus | Trojan.Win32.Fakeav.qln | 20350 |
| ViRobot | Trojan.Win32.A.Agent.327680.F | 2011.4.7.4223 |

File size:
320 KB (327,680 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\freescan_2012.exe

File PE Metadata
Compilation timestamp:
2/29/2012 10:10:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
6144:zm3zTtJBb1i1xuTvxYc+yeYpjOnOzH/TCxXCMUU6g51DU:zOTtJBe6mYBRzH/TECMUUl1D

Entry address:
0x1370

Entry point:
55, 8B, EC, 83, EC, 18, C7, 45, F4, 00, 00, 00, 00, C7, 45, FC, 00, 00, 00, 00, C7, 45, E8, 00, 00, 00, 00, C7, 45, EC, 00, 00, 00, 00, 6A, 00, E8, 27, FE, FF, FF, 83, C4, 04, 8B, 45, FC, C7, 40, 14, 00, 00, 00, 00, EB, 1E, 8B, 4D, FC, 8B, 51, 14, 83, C2, 01, 8B, 45, FC, 89, 50, 14, 8B, 4D, FC, 8B, 51, 18, 83, C2, 01, 8B, 45, FC, 89, 50, 18, 8B, 4D, FC, 8B, 55, FC, 8B, 41, 14, 3B, 42, 18, 73, 52, 8B, 4D, FC, C7, 41, 14, 00, 00, 00, 00, EB, 1E, 8B, 55, FC, 8B, 42, 14, 83, C0, 01, 8B, 4D, FC, 89, 41, 14, 8B...

Entropy:
7.7216

Developed / compiled with:
Microsoft Visual C++

Code size:
8 KB (8,192 bytes)

The file freescan_2012.exe has been seen being distributed by the following URL.

Remove freescan_2012.exe - Powered by Reason Core Security