hileli_cocuk_k4.exe

WindowsApplication1

The application hileli_cocuk_k4.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from s6.dosya.tc.
Product:
WindowsApplication1

Version:
1.0.0.0

MD5:
589533f338814bacf5b71ab85f28e275

SHA-1:
26e0e47d410d8a9e56a48459c08f689e0cf07b0f

SHA-256:
36549e14be2cff1f16e2a4873db6911bacfb9ecfaf1f2e8c78e550bf7f47a1ff

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 12:47:40 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.3236705 | 218 |
| AegisLab AV Signature | Uds.Dangerousobject.Multi!c | 2.1.4+ |
| Arcabit | Trojan.Generic.D316361 | 1.0.0.696 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.1671 |
| Bitdefender | Trojan.GenericKD.3236705 | 1.0.20.915 |
| Emsisoft Anti-Malware | Trojan.GenericKD.3236705 | 8.16.07.01.12 |
| ESET NOD32 | MSIL/GameHack.FO potentially unsafe (variant) | 10.13622 |
| F-Secure | Trojan.GenericKD.3236705 | 11.2016-01-07_6 |
| G Data | Trojan.GenericKD.3236705 | 16.7.25 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.-25 |
| McAfee | RDN/Generic PUP.x | 5600.6352 |
| MicroWorld eScan | Trojan.GenericKD.3236705 | 17.0.0.549 |
| nProtect | Trojan.GenericKD.3236705 | 16.06.09.01 |
| Panda Antivirus | Trj/GdSda.A | 16.07.01.12 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | PUA.GameHack!8.223-qhCk37xl5mO (Cloud) | 23.00.65.16629 |
| Sophos | Generic PUA CG (PUA) | 4.98 |
| Trend Micro | TROJ_GEN.R002C0OER16 | 10.465.01 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 50002 |

File size:
298.5 KB (305,664 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Hileli ÇOCUK K4.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\hileli_cocuk_k4.exe

File PE Metadata
Compilation timestamp:
4/7/2016 9:59:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:DjkTgnwBiCPDcwjE2NgvHZERxYyxsFF6hRgiUiJnQThB0:DjkT13wwjEfEgyxsv68NiJQ9a

Entry address:
0x4A4CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
289.5 KB (296,448 bytes)

The file hileli_cocuk_k4.exe has been seen being distributed by the following URL.
