gerador de zp crossfire.exe

Software

The executable gerador de zp crossfire.exe has been detected as malware by 29 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from fs12n4.sendspace.com and multiple other hosts.
Publisher:
Software

Product:
Software

Version:
1.0.0.0

MD5:
2d7bc9f93b4f10d3360631394b9b9d5f

SHA-1:
0980d32369fb8d63bc4517c075baa7d1cd9a26e2

SHA-256:
9f37ac94b1ce44793f200af01bbba151c64e855060e7653849d0eea3ba87f3e1

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
12/26/2024 11:02:25 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.172702
367

AegisLab AV Signature
Troj.W32.Generic!c
2.1.4+

Agnitum Outpost
Trojan.DR.Dapato
7.1.1

Avira AntiVirus
TR/Dropper.Gen
8.3.2.4

Arcabit
Trojan.Zusy.D2A29E
1.0.0.653

avast!
Win32:Malware-gen
2014.9-160203

AVG
MSIL9
2017.0.2845

Baidu Antivirus
Trojan.MSIL.Agent
4.0.3.1623

Bitdefender
Gen:Variant.Zusy.172702
1.0.20.170

Clam AntiVirus
Win.Trojan.Agent-960081
0.98/21511

Emsisoft Anti-Malware
Gen:Variant.Zusy.172702
8.16.02.03.09

ESET NOD32
MSIL/TrojanDropper.Agent.BBQ (variant)
10.12964

Fortinet FortiGate
MSIL/Agent.BBQ!tr
2/3/2016

F-Secure
Gen:Variant.Zusy.172702
11.2016-03-02_4

G Data
Gen:Variant.Zusy.172702
16.2.25

IKARUS anti.virus
Trojan-Dropper.MSIL.Agent
t3scan.2.0.4.0

K7 AntiVirus
Trojan
13.213.18612

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.718

Malwarebytes
Trojan.Dropper.MSIL
v2016.02.03.09

McAfee
Artemis!2D7BC9F93B4F
5600.6501

Microsoft Security Essentials
Trojan:Win32/Dacic.A!rfn
1.1.12400.0

MicroWorld eScan
Gen:Variant.Zusy.172702
17.0.0.102

NANO AntiVirus
Trojan.Win32.Agent.dzqzut
1.0.14.5798

Panda Antivirus
Trj/CI.A
16.02.03.09

Qihoo 360 Security
QVM03.0.Malware.Gen
1.0.0.1077

Trend Micro
TROJ_GEN.R01TC0DAF16
10.465.03

Vba32 AntiVirus
TrojanDropper.FrauDrop
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
46926

Zillya! Antivirus
Trojan.Kryptik.Win32.837930
2.0.0.2642

File size:
716.6 KB (733,800 bytes)

Product version:
1.0.0.0

Copyright:
Software

Trademarks:
Software

Original file name:
Software.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\gerador de zp crossfire.exe

File PE Metadata
Compilation timestamp:
12/8/2015 10:43:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:KGX3jMMMMMMMMMMMMMMMrMMMMMMMMMMMMMMMMXnTppc6o7MMMMMMMMMMMMMM6aAc:FXzMMMMMMMMMMMMMMMrMMMMMMMMMMMM0

Entry address:
0x5AA2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.7922

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
355 KB (363,520 bytes)

The file gerador de zp crossfire.exe has been seen being distributed by the following 2 URLs.

Remove gerador de zp crossfire.exe - Powered by Reason Core Security