freescan_seven_2012.exe

The executable freescan_seven_2012.exe has been detected as malware by 36 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from srv17.airlinealarm.uni.me.
MD5:
f09308c174472177c73673a9d9a23ac4

SHA-1:
6ab5da72478463c5798d815cb2dc41ea7184c5b2

SHA-256:
fcadd300e275ba59a41f6a0adad9f0249d9405ac791470fde2f092bafa52b6a2

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
11/27/2024 2:36:44 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.HmBlocker
7.1.1

AhnLab V3 Security
Trojan/Win32.FakeAV
2013.08.01

Avira AntiVirus
TR/Winwebsec.akyna
7.11.94.82

avast!
Win32:MalOb-GF [Cryp]
2014.9-151209

AVG
FakeAlert
2016.0.2901

Bitdefender
Trojan.Zygug.Gen.1
1.0.20.1715

Clam AntiVirus
Win.Trojan.Fakeav-5196
0.98/18155

Comodo Security
TrojWare.Win32.Kryptik.ABDR
16683

Dr.Web
Trojan.KillProc.14812
9.0.1.0343

Emsisoft Anti-Malware
Trojan.Zygug.Gen
8.15.12.09.04

ESET NOD32
Win32/Kryptik.AAZN (variant)
9.8633

Fortinet FortiGate
W32/Kryptik.EA!tr
12/9/2015

F-Prot
W32/FakeAlert.TF.gen
v6.4.7.1.166

F-Secure
Trojan.Zygug.Gen.1
11.2015-09-12_4

G Data
Trojan.Zygug.Gen
15.12.22

IKARUS anti.virus
Trojan.Win32.FakeAV
t3scan.2.0.3.0

K7 AntiVirus
Trojan
13.170.9144

Kaspersky
Trojan-Ransom.Win32.HmBlocker
14.0.0.999

Malwarebytes
Trojan.Agent
v2015.12.09.04

McAfee
FakeAlert-SecurityTool.ea
5600.6557

Microsoft Security Essentials
Rogue:Win32/Winwebsec
1.163.1557.0

MicroWorld eScan
Trojan.Zygug.Gen.1
16.0.0.1029

NANO AntiVirus
Trojan.Win32.Fakeav.kfpyf
0.24.0.53571

Norman
FakeAV.AUPO
11.20151209

nProtect
Trojan.Zygug.Gen.1
13.07.31.03

Panda Antivirus
Trj/Resdec.c
15.12.09.04

Quick Heal
FraudTool.Security
12.15.12.00

Rising Antivirus
Trojan.Win32.Fednu.udb
23.00.65.151207

Sophos
Troj/FakeAV-FDA
4.91

SUPERAntiSpyware
Trojan.Agent/Gen-FraudSecurity
9459

Total Defense
Win32/Winwebsec.C!generic
37.0.10498

Trend Micro House Call
TROJ_FAKEAV.SMFE
7.2.343

Trend Micro
TROJ_FAKEAV.SMFE
10.465.09

Vba32 AntiVirus
Trojan.FakeAV
3.12.22.2

VIPRE Antivirus
Trojan.Win32.Fakeav.py
20034

ViRobot
Trojan.Win32.A.HmBlocker.312320.B
2011.4.7.4223

File size:
305 KB (312,320 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\freescan_seven_2012.exe

File PE Metadata
Compilation timestamp:
2/19/2012 5:05:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
6144:epMdbwYrrA/3GBIblh1MWaOV5RSSASkUSMGMFH6ZlyAEVL8YjUKHuv6NXALHQnI:epMdbwR/3kI5TMY4SkZz6HhAMLJjbOvF

Entry address:
0x13B0

Entry point:
55, 8B, EC, 83, EC, 0C, C7, 45, F4, 00, 00, 00, 00, C7, 45, F8, 00, 00, 00, 00, 81, 7D, 14, CD, 00, 00, 00, 75, 08, 6A, 00, FF, 15, 5C, 20, 00, 01, 6A, 0A, 6A, 00, 6A, 00, 6A, FF, E8, 6C, 06, 00, 00, 33, C9, E8, 38, FF, FF, FF, FF, 15, 60, 20, 00, 01, 6A, 00, FF, 15, 1C, 20, 00, 01, 33, C0, 8B, E5, 5D, C2, 10, 00, 55, 8B, EC, 83, EC, 20, 89, 55, E0, 89, 4D, E4, C7, 45, EC, 00, 00, 00, 00, C7, 45, FC, 00, 00, 00, 00, C7, 45, F4, 00, 00, 00, 00, C7, 45, F8, 01, 00, 00, 00, C7, 45, F0, 00, 00, 00, 00, C7, 45...
 
[+]

Entropy:
7.9061

Developed / compiled with:
Microsoft Visual C++

Code size:
3 KB (3,072 bytes)

The file freescan_seven_2012.exe has been seen being distributed by the following URL.

Remove freescan_seven_2012.exe - Powered by Reason Core Security