global loader ultra v6.1.3.exe

The executable global loader ultra v6.1.3.exe has been detected as malware by 24 of 68 anti-virus scanners. It is a setup program that installs the application. The file has been seen being downloaded from engenhariatm.com. While running, it connects to the Internet address a-0001.a-msedge.net on TCP port 80 using the HTTP protocol.
Version:
0.0.0.0

MD5:
3385ae19d8869106bd4ea5cf01159e05

SHA-1:
2b2c7a48a3beb70603bd599576efa0456fc5772a

SHA-256:
df6180a481ae2462c5f077784613c625584370e489eb4f86e136208304f67d36

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
12/26/2024 6:11:22 PM UTC

Scan engine              Detection                                 Engine version
Lavasoft Ad-Aware        Trojan.GenericKD.3095910                  321
AegisLab AV Signature    Troj.Generic                              2.1.4+
AhnLab V3 Security       Trojan/Win32.Agent                        2016.03.19
Avira AntiVirus          TR/Agent.1069568.24                       8.3.3.2
Arcabit                  Trojan.Generic.D2F3D66                    1.0.0.662
avast!                   Win32:Dropper-gen [Drp]                   2014.9-160319
AVG                      Atros3                                    2017.0.2799
Bitdefender              Trojan.GenericKD.3095910                  1.0.20.395
Dr.Web                   Trojan.DownLoader19.48305                 9.0.1.079
Emsisoft Anti-Malware    Gen:Variant.Zusy.176911                   11.5.0.6191
Fortinet FortiGate       PossibleThreat.P0                         3/19/2016
F-Secure                 Trojan.GenericKD.3095910                  11.2016-19-03_7
G Data                   Trojan.GenericKD.3095910                  16.3.25
IKARUS anti.virus        Trojan.Atros3                             t3scan.2.0.9.0
Kaspersky                HEUR:Trojan.Win32.Generic                 14.0.0.490
McAfee                   Artemis!3385AE19D886                      5600.6455
MicroWorld eScan         Trojan.GenericKD.3095910                  17.0.0.237
NANO AntiVirus           Trojan.Win32.DownLoader19.eauzxq          1.0.18.6677
nProtect                 Trojan.GenericKD.3095910                  16.03.18.01
Panda Antivirus          Trj/GdSda.A                               16.03.19.11
Qihoo 360 Security       HEUR/QVM11.1.Malware.Gen                  1.0.0.1120
VIPRE Antivirus          Trojan.Win32.Generic                      47982
ViRobot                  Trojan.Win32.Z.Downloader19.1069568[h]    2014.3.20.0
Zillya! Antivirus        Trojan.Black.Win32.46494                  2.0.0.2733

File size:
1 MB (1,069,568 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\global loader ultra v6.1.3.exe

File PE Metadata
Compilation timestamp:
3/11/2016 3:56:03 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:X0o8hFHo/uaxORpys3+XguLZg6KS6Kt5U9TzW71/ITGorINH0:kjiuakRzMKS6K6m7hITGorIB

Entry address:
0x3BCF90

Entry point:
60, BE, 00, 20, 6D, 00, 8D, BE, 00, F0, D2, FF, C7, 87, 10, 6C, 2E, 00, AC, 09, BC, 38, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.22 (Delphi) stub

Code size:
944 KB (966,656 bytes)
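As an added example (not code from the original page or from the scanning vendor), the Python script below checks a file against the indicators listed above: it recomputes the three hashes, parses enough of the PE headers to locate the entry point, and tests the bytes found there against the UPX stub prefix (pushad; mov esi, imm32; lea edi, [esi+imm32]) with the image-specific immediates masked out. The hashes, size, entry RVA and entry bytes are transcribed from the report; the one-section PE produced by build_constructed_pe() is a constructed fixture so the parser can be exercised offline, and is not the real sample. Pass a file path on the command line to analyze a real file.

```python
import hashlib
import struct
import sys

# Indicators transcribed from the report above.
REPORT_HASHES = {
    "md5": "3385ae19d8869106bd4ea5cf01159e05",
    "sha1": "2b2c7a48a3beb70603bd599576efa0456fc5772a",
    "sha256": "df6180a481ae2462c5f077784613c625584370e489eb4f86e136208304f67d36",
}
REPORT_SIZE = 1_069_568            # bytes
REPORT_ENTRY_RVA = 0x3BCF90
# First 28 bytes listed under "Entry point" above.
REPORT_ENTRY_BYTES = bytes.fromhex(
    "60BE00206D00" "8DBE00F0D2FF" "C787106C2E00" "AC09BC385783" "CDFFEB0E")
# UPX x86 stubs open with pushad / mov esi, imm32 / lea edi, [esi+imm32];
# the immediates differ per image, so they are wildcarded (mask byte 00).
UPX_STUB_PATTERN = bytes.fromhex("60BE000000008DBE00000000")
UPX_STUB_MASK = bytes.fromhex("FFFF00000000FFFF00000000")


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}

def hash_matches(data: bytes) -> list:
    """Names of the report hashes that this data reproduces (empty = no match)."""
    computed = file_hashes(data)
    return [n for n, digest in REPORT_HASHES.items() if computed[n] == digest]

def looks_like_upx_stub(code: bytes) -> bool:
    if len(code) < len(UPX_STUB_PATTERN):
        return False
    return all((c & m) == p for c, p, m in zip(code, UPX_STUB_PATTERN, UPX_STUB_MASK))

def _pe_header(pe: bytes) -> int:
    """Offset of the PE\\0\\0 signature, after validating the MZ header."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew

def entry_point_rva(pe: bytes) -> int:
    """AddressOfEntryPoint sits 16 bytes into the optional header (PE32 and PE32+)."""
    opt = _pe_header(pe) + 4 + 20          # skip signature and 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%X" % magic)
    return struct.unpack_from("<I", pe, opt + 16)[0]

def sections(pe: bytes):
    """Yield (name, virtual_address, virtual_size, raw_offset, raw_size) per section."""
    hdr = _pe_header(pe)
    count = struct.unpack_from("<H", pe, hdr + 6)[0]          # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, hdr + 20)[0]      # SizeOfOptionalHeader
    table = hdr + 4 + 20 + opt_size
    for i in range(count):
        name, vsize, va, rsize, roff = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, roff, rsize

def rva_to_offset(pe: bytes, rva: int) -> int:
    for _name, va, vsize, roff, rsize in sections(pe):
        if va <= rva < va + max(vsize, rsize):
            return roff + (rva - va)
    raise ValueError("RVA 0x%X is not backed by any section" % rva)

def entry_bytes(pe: bytes, count: int = 32) -> bytes:
    off = rva_to_offset(pe, entry_point_rva(pe))
    return pe[off:off + count]

def analyze(data: bytes) -> dict:
    """Triage summary: hash hits, size, entry RVA, section names and the UPX stub test."""
    result = {"hash_matches": hash_matches(data), "size_matches": len(data) == REPORT_SIZE}
    try:
        result["entry_rva"] = entry_point_rva(data)
        result["entry_rva_matches"] = result["entry_rva"] == REPORT_ENTRY_RVA
        result["sections"] = [s[0] for s in sections(data)]
        result["upx_stub"] = looks_like_upx_stub(entry_bytes(data))
    except ValueError as err:
        result["pe_error"] = str(err)
    return result

def build_constructed_pe(code: bytes, entry_rva: int = 0x1000) -> bytes:
    """Constructed one-section PE32 fixture (not the real sample) for offline runs."""
    raw_off = 0x200
    opt = bytearray(224)                                     # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                    # Magic
    struct.pack_into("<I", opt, 16, entry_rva)               # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)
    sect = struct.pack("<8sIIIIIIHHI", b"UPX1", len(code), entry_rva,
                       len(code), raw_off, 0, 0, 0, 0, 0xE0000040)
    img = bytearray(raw_off)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                  # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    img[0x44:0x58] = coff
    img[0x58:0x138] = opt
    img[0x138:0x160] = sect
    return bytes(img) + code

if __name__ == "__main__":
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_pe(REPORT_ENTRY_BYTES)
    for key, value in analyze(sample).items():
        print("%-18s %s" % (key, value))
```

A hash hit identifies this exact file; the stub check only says the entry point looks like a UPX-style unpacker, which many legitimate installers also use, so on its own it is a triage hint rather than a verdict. For a real match, unpack with `upx -d` before any further static analysis, since the packed image exposes almost none of the real code.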

The file global loader ultra v6.1.3.exe has been seen being distributed from engenhariatm.com.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to a-0001.a-msedge.net (204.79.197.200:80)

Note that a-msedge.net is Microsoft-operated edge infrastructure, so this connection by itself does not identify a command-and-control channel; use the file hashes above as the primary indicators.

Remove global loader ultra v6.1.3.exe - Powered by Reason Core Security