histórico de conversas - 02-12-2015.exe

New

The executable histórico de conversas - 02-12-2015.exe has been detected as malware by 28 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from bit.ly and multiple other hosts.
Product:
New

Version:
1.0.0.0

MD5:
c1dfd5d4db549d553f21d69318c86562

SHA-1:
83f56c1ebaf6924a837e544f0e170f984d1302d7

SHA-256:
52bebaa459c3628596293c38d77f3f849d73c2552db7f3d014754c72c9e87fc4

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
11/27/2024 9:27:29 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2905722 | 393
Agnitum Outpost | Trojan.DL.Banload | 7.1.1
AhnLab V3 Security | Trojan/Win32.Banload | 2015.12.11
Arcabit | Trojan.Generic.D2C567A | 1.0.0.629
avast! | MSIL:Banker-FL [Trj] | 2014.9-160107
AVG | Downloader.MSIL | 2017.0.2871
Baidu Antivirus | Trojan.MSIL.Banload | 4.0.3.1617
Bitdefender | Trojan.GenericKD.2905722 | 1.0.20.35
Comodo Security | UnclassifiedMalware | 23732
Dr.Web | Trojan.DownLoader18.4933 | 9.0.1.07
Emsisoft Anti-Malware | Trojan.GenericKD.2905722 | 8.16.01.07.08
ESET NOD32 | MSIL/TrojanDownloader.Banload.FP (variant) | 10.12706
Fortinet FortiGate | MSIL/Banload.FP!tr.dldr | 1/7/2016
F-Secure | Trojan.GenericKD.2905722 | 11.2016-07-01_5
G Data | Trojan.GenericKD.2905722 | 16.1.25
IKARUS anti.virus | Trojan-Downloader.MSIL.Banload | t3scan.1.9.5.0
K7 AntiVirus | Trojan-Downloader | 13.212.18079
Kaspersky | Trojan-Banker.Win32.Banbra | 14.0.0.851
Malwarebytes | Backdoor.Bot | v2016.01.07.08
McAfee | RDN/Generic.bfr | 5600.6527
Microsoft Security Essentials | TrojanDownloader:Win32/Banload!rfn | 1.1.12300.0
MicroWorld eScan | Trojan.GenericKD.2905722 | 17.0.0.21
NANO AntiVirus | Trojan.Win32.Banload.dzadix | 1.0.10.5081
nProtect | Trojan.GenericKD.2905722 | 15.12.11.01
Panda Antivirus | Trj/CI.A | 16.01.07.08
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077
Trend Micro | TROJ_GEN.R02KC0DL515 | 10.465.07
VIPRE Antivirus | Trojan.Win32.Generic | 45760

File size:
17.5 KB (17,920 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
New.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\histórico de conversas - 02-12-2015.exe

File PE Metadata
Compilation timestamp:
12/2/2015 9:21:37 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
80.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:nMxzNCzpkydGVzbsLePewQJtQHuZE7aSBe:NCyUZbAQuAaSBe

Entry address:
0x5A96

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
Code size:
15 KB (15,360 bytes)

The file histórico de conversas - 02-12-2015.exe has been seen being distributed by the following 2 URLs.