gmail haking!.exe

JavaUpdate

Java@Registred

The executable gmail haking!.exe has been detected as malware by 37 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from fs09n5.sendspace.com and multiple other hosts.
Publisher:
Java@Registred

Product:
JavaUpdate

Description:
JavaUpadate.exe

Version:
7.02.0012

MD5:
de38f1184b1a2c8e073f7ec4cc4bfc9f

SHA-1:
adfda5df1bdacc392ab1600dedd84337a94216c4

SHA-256:
684927daefa3484f47fa78311f33db4b5bf438c6f57cabdab3dbe77d3d664209

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
12/26/2024 12:31:51 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Backdoor.Heur.Bifrose.Fm3@cirnIyhi | 268
AegisLab AV Signature | Backdoor.W32.Bifrose.lfjj | 2.1.4+
AhnLab V3 Security | Trojan/Win32.VB | 2016.05.11
Avira AntiVirus | TR/Dropper.Gen | 8.3.3.4
Arcabit | Gen:Backdoor.Heur.Bifrose.E1D051 | 1.0.0.672
avast! | MSIL:Agent-DRD [Trj] | 2014.9-160511
AVG | VBCrypt | 2017.0.2746
Baidu Antivirus | MSIL.Backdoor.Bladabindi | 4.0.3.16511
Bitdefender | Gen:Backdoor.Heur.Bifrose.Fm3@cirnIyhi | 1.0.20.660
Bkav FE | W32.HfsOval | 1.3.0.7717
Clam AntiVirus | Win.Trojan.B-468 | 0.99.211
Comodo Security | Backdoor.Win32.Agent.CEP13 | 24984
Dr.Web | Trojan.MulDrop.7451 | 9.0.1.0132
Emsisoft Anti-Malware | Gen:Backdoor.Heur.Bifrose.Fm3@cirnIyhi | 8.16.05.11.04
ESET NOD32 | Win32/TrojanDropper.VB.OOQ | 10.13465
Fortinet FortiGate | W32/VB.NMR!tr | 5/11/2016
F-Prot | W32/VBTrojan.Dropper.5 | v6.4.7.1.166
F-Secure | Gen:Backdoor.Heur.Bifrose.Fm3@cirnIyhi | 11.2016-11-05_4
G Data | Gen:Backdoor.Heur.Bifrose.Fm3@cirnIyhi | 16.5.25
IKARUS anti.virus | Backdoor.Bifrose | t3scan.2.0.9.0
K7 AntiVirus | Trojan | 13.224.19563
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.226
Malwarebytes | Backdoor.Agent.DC | v2016.05.11.04
McAfee | Generic Dropper.f | 5600.6402
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.B | 1.1.12706.0
MicroWorld eScan | Gen:Backdoor.Heur.Bifrose.Fm3@cirnIyhi | 17.0.0.396
NANO AntiVirus | Trojan.Win32.Bifrose.ixsc | 1.0.30.8213
Panda Antivirus | Trj/Genetic.gen | 16.05.11.04
Qihoo 360 Security | HEUR/QVM41.2.Malware.Gen | 1.0.0.1120
Quick Heal | Backdoor.Bifrose.EF3 | 5.16.14.00
Rising Antivirus | Backdoor.MSIL.Bladabindi!1.9E49 | 23.00.65.16509
Sophos | Troj/KillAV-FG | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Malagent | 9150
Total Defense | Win32/Rebhip.PHEHJAD | 37.1.62.1
Trend Micro House Call | BKDR_BLADABI.SMC | 7.2.132
Trend Micro | BKDR_BLADABI.SMC | 10.465.11
Vba32 AntiVirus | TrojanDropper.VB | 3.12.26.4

File size:
496.1 KB (507,985 bytes)

Product version:
7.02.0012

Copyright:
www.java.com

Trademarks:
www.java.com

Original file name:
cactus.dll

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\game\gmail haking!.exe

File PE Metadata
Compilation timestamp:
1/18/2014 8:12:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:/1EKFhfQOpsVWq111111111IT+ajcLQwshvnzI0/aTFufUnyUDRp4WE4dAiNRcBZ:/1pffsAReSE+quc9pEdh+k2I

Entry address:
0x109C

Entry point:
68, F4, 10, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 22, BF, F6, 35, 01, A8, 7D, 4A, A9, D1, 1C, 56, 22, 85, 20, DE, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 42, 36, 5C, 50, 52, 4F, 58, 00, 54, 4F, 20, 45, 4D, 20, 00, 00, 00, 00, 07, 00, 00, 00, B4, 15, 40, 00, 07, 00, 00, 00, 58, 15, 40, 00, 56, 42, 35, 21, F0, 1F, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 7E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 00, 09, 04, 00, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
4 KB (4,096 bytes)

The file gmail haking!.exe has been seen being distributed from the following 2 URLs.

https://fs09n5.sendspace.com/dl/5c43c5ce61419ee192eeada81e37e531/574c6d3e570602c5/.../Gmail Haking!.exe

Remove gmail haking!.exe - Powered by Reason Core Security