» global loader ultra v6.1.3.exe
Overview
Analysis
File Details
Downloads (1)
Network (1)

global loader ultra v6.1.3.exe

The executable global loader ultra v6.1.3.exe has been detected as malware by 24 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from engenhariatm.com. While running, it connects to the Internet address a-0001.a-msedge.net on port 80 using the HTTP protocol.

File name:

Version:

0.0.0.0

MD5:

3385ae19d8869106bd4ea5cf01159e05

SHA-1:

2b2c7a48a3beb70603bd599576efa0456fc5772a

SHA-256:

df6180a481ae2462c5f077784613c625584370e489eb4f86e136208304f67d36

Scanner detections:

24 / 68

Status:

Malware

Analysis date:

11/16/2024 12:21:18 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.3095910

321

AegisLab AV Signature

Troj.Generic

2.1.4+

AhnLab V3 Security

Trojan/Win32.Agent

2016.03.19

Avira AntiVirus

TR/Agent.1069568.24

8.3.3.2

Arcabit

Trojan.Generic.D2F3D66

1.0.0.662

avast!

Win32:Dropper-gen [Drp]

2014.9-160319

AVG

Atros3

2017.0.2799

Bitdefender

Trojan.GenericKD.3095910

1.0.20.395

Dr.Web

Trojan.DownLoader19.48305

9.0.1.079

Emsisoft Anti-Malware

Gen:Variant.Zusy.176911

11.5.0.6191

Fortinet FortiGate

PossibleThreat.P0

3/19/2016

F-Secure

Trojan.GenericKD.3095910

11.2016-19-03_7

G Data

Trojan.GenericKD.3095910

16.3.25

IKARUS anti.virus

Trojan.Atros3

t3scan.2.0.9.0

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.490

McAfee

Artemis!3385AE19D886

5600.6455

MicroWorld eScan

Trojan.GenericKD.3095910

17.0.0.237

NANO AntiVirus

Trojan.Win32.DownLoader19.eauzxq

1.0.18.6677

nProtect

Trojan.GenericKD.3095910

16.03.18.01

Panda Antivirus

Trj/GdSda.A

16.03.19.11

Qihoo 360 Security

HEUR/QVM11.1.Malware.Gen

1.0.0.1120

VIPRE Antivirus

Trojan.Win32.Generic

47982

ViRobot

Trojan.Win32.Z.Downloader19.1069568[h]

2014.3.20.0

Zillya! Antivirus

Trojan.Black.Win32.46494

2.0.0.2733

File size:

1 MB (1,069,568 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\global loader ultra v6.1.3.exe

File PE Metadata

Compilation timestamp:

3/11/2016 3:56:03 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:X0o8hFHo/uaxORpys3+XguLZg6KS6Kt5U9TzW71/ITGorINH0:kjiuakRzMKS6K6m7hITGorIB

Entry address:

0x3BCF90

Entry point:

60, BE, 00, 20, 6D, 00, 8D, BE, 00, F0, D2, FF, C7, 87, 10, 6C, 2E, 00, AC, 09, BC, 38, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46... 
[+]

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

944 KB (966,656 bytes)

The file global loader ultra v6.1.3.exe has been seen being distributed by the following URL.

http://engenhariatm.com/loader/.../novoloader.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to a-0001.a-msedge.net (204.79.197.200:80)

Remove global loader ultra v6.1.3.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.