global loader v6.1.7.exe

JavaUpdate

Java@Registred

The executable global loader v6.1.7.exe has been detected as malware by 39 anti-virus scanners. This is a setup program which is used to install the application. This backdoor trojan may be used to conduct distributed denial of service attacks, or used to install additional trojans or other forms of malicious software as well as can steal your sensitive information. The file has been seen being downloaded from fs03n4.sendspace.com and multiple other hosts.
Publisher:
Java@Registred

Product:
JavaUpdate

Description:
JavaUpadate.exe

Version:
7.02.0012

MD5:
f5f0b5a4beabab0de1bfc8f0b241e613

SHA-1:
754d730b488cfe6bb0e0cbc0b71da52c41c6d6da

SHA-256:
e058378f5ca872af4d8b254fb0782fbcf887446e516e5ee743320e28b5248949

Scanner detections:
39 / 68

Status:
Malware

Analysis date:
11/5/2024 8:23:50 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.3171413
284

AegisLab AV Signature
Troj.W32.Gen.lZqO
2.1.4+

AhnLab V3 Security
Trojan/Win32.VB
2016.04.26

Avira AntiVirus
TR/Dropper.Gen
8.3.3.4

Arcabit
Trojan.Generic.D306455
1.0.0.672

avast!
MSIL:Agent-BXF [Trj]
2014.9-160425

AVG
VBCrypt
2017.0.2762

Baidu Antivirus
MSIL.Backdoor.Bladabindi
4.0.3.16425

Bitdefender
Trojan.GenericKD.3171413
1.0.20.580

Bkav FE
W32.HfsOval
1.3.0.7744

Clam AntiVirus
Win.Trojan.B-468
0.98/21511

Comodo Security
Backdoor.Win32.Agent.CEP13
24869

Dr.Web
Trojan.MulDrop.7451
9.0.1.0116

Emsisoft Anti-Malware
Trojan.GenericKD.3171413
8.16.04.25.06

ESET NOD32
Win32/TrojanDropper.VB.OOQ
10.13389

Fortinet FortiGate
W32/VB.NMR!tr
4/25/2016

F-Prot
W32/MSIL_Bladabindi.J.gen
v6.4.7.1.166

F-Secure
Trojan.GenericKD.3171413
11.2016-25-04_2

G Data
Trojan.GenericKD.3171413
16.4.25

IKARUS anti.virus
Backdoor.Bifrose
t3scan.2.0.9.0

K7 AntiVirus
Trojan
13.223.19414

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.306

Malwarebytes
Backdoor.Agent.DC
v2016.04.25.06

McAfee
Generic Dropper.f
5600.6418

Microsoft Security Essentials
Backdoor:MSIL/Bladabindi.AJ
1.1.12603.0

MicroWorld eScan
Trojan.GenericKD.3171413
17.0.0.348

NANO AntiVirus
Trojan.Win32.Bifrose.ixsc
1.0.30.8000

nProtect
Trojan.GenericKD.3171413
16.04.25.01

Panda Antivirus
Trj/Genetic.gen
16.04.25.06

Qihoo 360 Security
QVM41.1.Malware.Gen
1.0.0.1120

Quick Heal
Backdoor.Bifrose.EF3
4.16.14.00

Rising Antivirus
PE:Backdoor.MSIL.Bladabindi!1.9E49 [F]
23.00.65.16423

Sophos
Troj/KillAV-FG
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Malagent
9181

Total Defense
Win32/Rebhip.PHEHJAD
37.1.62.1

Trend Micro House Call
BKDR_BLADABI.SMC
7.2.116

Trend Micro
BKDR_BLADABI.SMC
10.465.25

Vba32 AntiVirus
TrojanDropper.VB
3.12.26.4

Zillya! Antivirus
Dropper.VB.Win32.62659
2.0.0.2814

File size:
1.1 MB (1,158,250 bytes)

Product version:
7.02.0012

Copyright:
www.java.com

Trademarks:
www.java.com

Original file name:
cactus.dll

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\global loader v6.1.7.exe

File PE Metadata
Compilation timestamp:
1/18/2014 8:12:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:LWXW1au6yjx6PXrZyLEbk2z/CThMS+dWykmT3rug:qW1aumXAwQk2eS8kS3Sg

Entry address:
0x109C

Entry point:
68, F4, 10, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 22, BF, F6, 35, 01, A8, 7D, 4A, A9, D1, 1C, 56, 22, 85, 20, DE, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 42, 36, 5C, 50, 52, 4F, 58, 00, 54, 4F, 20, 45, 4D, 20, 00, 00, 00, 00, 07, 00, 00, 00, B4, 15, 40, 00, 07, 00, 00, 00, 58, 15, 40, 00, 56, 42, 35, 21, F0, 1F, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 7E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 00, 09, 04, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
4 KB (4,096 bytes)

The file global loader v6.1.7.exe has been seen being distributed by the following 2 URLs.

https://fs03n4.sendspace.com/dl/72cc8cfe04dc6d6a1a253ce7a043f1e7/5748e3ec72cb9780/.../Global Loader v6.1.7.exe

Remove global loader v6.1.7.exe - Powered by Reason Core Security