indnaet [a1].exe

Gerenciador De Audio Do Windows

The executable indnaet [a1].exe has been detected as malware by 24 anti-virus scanners. The file has been seen being downloaded from fs06n1.sendspace.com.
Product:
Gerenciador De Audio Do Windows

Version:
1.0.0.0

MD5:
00058f9f057abc9aa1f1dced71adb31f

SHA-1:
59f2c36478177da2a8d382f52593caa6f8fff6eb

SHA-256:
61aa51180045fe5de16cc4f668bcda12e1df0816d328d4bf46f0809c4a32e5ff

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
12/25/2024 4:01:59 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.153610
230

AegisLab AV Signature
Troj.W32.Gen.lZj2
2.1.4+

Avira AntiVirus
TR/Dropper.Gen
8.3.3.4

Arcabit
Trojan.Zusy.D2580A
1.0.0.741

avast!
Win32:Malware-gen
2014.9-160618

AVG
Atros3
2017.0.2708

Baidu Antivirus
Win32.Trojan.WisdomEyes.151026.9950
4.0.3.16618

Bitdefender
Gen:Variant.Zusy.153610
1.0.20.850

Emsisoft Anti-Malware
Gen:Variant.Zusy.153610
8.16.06.18.04

ESET NOD32
MSIL/Packed.Confuser.P suspicious (variant)
10.13660

Fortinet FortiGate
W32/Generic!tr
6/18/2016

F-Prot
W32/MSIL_Troj.DL.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Zusy.153610
11.2016-18-06_7

G Data
Gen:Variant.Zusy.153610
16.6.25

IKARUS anti.virus
Trojan.MSIL.Crypt
t3scan.2.1.6.0

K7 AntiVirus
Trojan
13.2219953

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.36

McAfee
RDN/Generic.dx
5600.6364

Microsoft Security Essentials
Backdoor:MSIL/Bladabindi
1.1.12805.0

MicroWorld eScan
Gen:Variant.Zusy.153610
17.0.0.510

Panda Antivirus
Trj/CI.A
16.06.18.04

Qihoo 360 Security
HEUR/QVM03.0.0000.Malware.Gen
1.0.0.1120

Sophos
Mal/Generic-S
4.98

VIPRE Antivirus
Trojan.Win32.Generic
50154

File size:
187.4 KB (191,932 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Gerenciador De Audio Do Windows.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\indnaet [a1].exe

File PE Metadata
Compilation timestamp:
6/14/2016 6:36:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:VQe+u7u9BFQsl7qxsQWSmjUZ7W7XXJrrjdiEVjLuenL3mT3dgqFVIC3:q3pYiQqjUZ78XJrPIK3LyBRcK

Entry address:
0x277BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 50, 00, 00, 80, 10, 00, 00, 00, 68, 00, 00, 80, 18, 00, 00, 00, 80, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.2511

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
150 KB (153,600 bytes)

The file indnaet [a1].exe has been seen being distributed by the following URL.

Remove indnaet [a1].exe - Powered by Reason Core Security