golden parser v3.1 lastupdate by fkir.exe

The executable golden parser v3.1 lastupdate by fkir.exe has been detected as malware by 11 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from upwap.ru.
Version:
2.7.0.0

MD5:
24a1acd923d61648fd11d7d8860d5615

SHA-1:
e950cc8e1b8f36766a24b7c3a4da26235bad7b15

SHA-256:
6a5682aee0e8ee163b1a629aab0a532bec4dc60101a6f76b8be35c3590b9cda1

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
12/25/2024 4:46:23 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/ATRAPS.Gen | 7.11.97.46
avast! | Win32:Malware-gen | 2014.9-140127
Comodo Security | UnclassifiedMalware | 16790
G Data | Win32.Trojan.Agent.WW1S8N | 14.1.22
IKARUS anti.virus | Win32.Malware | t3scan.2.0.127
McAfee | Artemis!24A1ACD923D6 | 5600.7237
Norman | Suspicious_Gen2.RSMUM | 11.20140127
Panda Antivirus | Suspicious file | 14.01.27.04
Reason Heuristics | Unnamed.Threat.27 | 14.3.6.6
Trend Micro House Call | TROJ_GEN.R02KH01G913 | 7.2.27
VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 20658

File size:
1.5 MB (1,624,576 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:ulfbGzKzWDAPq5ToIi5ZzBDAdgDf04zxxnhP6amjJ05WB20T6Titt19:+f6Cr5B5Qgz0kPnhPuG1Tg

Entry address:
0x155F48

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 78, 59, 55, 00, E8, AB, 11, EB, FF, 8B, 1D, 34, B9, 55, 00, 8B, 03, E8, 5E, 1B, F1, FF, 8B, 03, BA, C0, 5F, 55, 00, E8, 3A, 17, F1, FF, 8B, 0D, 28, BB, 55, 00, 8B, 03, 8B, 15, 7C, 15, 55, 00, E8, 57, 1B, F1, FF, 8B, 0D, 8C, BB, 55, 00, 8B, 03, 8B, 15, 94, 10, 55, 00, E8, 44, 1B, F1, FF, 8B, 0D, 9C, B8, 55, 00, 8B, 03, 8B, 15, DC, 12, 55, 00, E8, 31, 1B, F1, FF, 8B, 03, E8, AA, 1B, F1, FF, 5B, E8, A4, EB, EA, FF, FF, FF, FF, FF, 15, 00, 00, 00, 47, 6F, 6C, 64, 65, 6E, 20, 50...
 
Developed / compiled with:
Microsoft Visual C++

Code size:
1.3 MB (1,396,736 bytes)

The file golden parser v3.1 lastupdate by fkir.exe has been seen being distributed by the following URL.
