geradordecontas.exe

This is a setup program used to install the application. The file has been observed being downloaded from dc445.4shared.com.
MD5:
21260d1292ae8a6f0292bfa711b9cfeb

SHA-1:
f3dbade627adcd4064a0da49a63236839b36c82d

SHA-256:
84cb0d3ee5d40cface0373da0b5f45b5312555a4b50b28d42edd98f9a37e086b

Scanner detections:
1 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
12/27/2024 1:48:02 AM UTC

Scan engine:
ESET NOD32

Detection:
Win32/Injector.CPME trojan

Engine version:
6.3

File size:
516 KB (528,384 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\geradordecontas.exe

File PE Metadata
Compilation timestamp:
1/3/2016 1:25:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:uCndCnbJfrVzEn2e9G6DMzxIvoPjz/Z/IakIrmiV98VrFTpwLcHew7:PUlfpEnR9G6DMzxg4vZ/NkIrmiVHw7

Entry address:
0x1400

Entry point:
68, 70, 2D, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 90, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 96, 1B, 01, 33, 35, 08, 0D, 4E, A7, CC, 88, EC, FE, 03, 79, A0, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 49, 65, 78, 70, 6C, 6F, 72, 65, 72, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 05, EA, 0A, AF, 3D, D7, BE, D9, 42, 92, 00, B6, A4, FE, 93, A1, 60, 82, 12, 0B, 06, D5, E3, 6D, 41, 9D, 79, C9, 83, F1, C0, 09, 57, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
Code size:
96 KB (98,304 bytes)

The file geradordecontas.exe has been seen being distributed by the following URL.
