informacja_o_dzialki_28463aae9683e00c52a5081b24038d100.exe

The executable informacja_o_dzialki_28463aae9683e00c52a5081b24038d100.exe has been detected as malware by 31 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from poczta10.o2.pl.
MD5:
933841851b65fdd97e82204b1ae8e29f

SHA-1:
ea38d952e13c4162910d74ad8433b51d88991128

SHA-256:
029c859eae5688d72f1c5c7b7fd9b2e658654d71e42cd02eef32367d28aaf50b

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
11/23/2024 6:28:16 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Agent.BQOT | 180 |
| AegisLab AV Signature | Backdoor.W32.Androm | 2.1.4+ |
| Agnitum Outpost | Trojan.Cryptodef | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.CryptoWall | 2016.03.08 |
| Arcabit | Trojan.A | 1.0.0.656 |
| avast! | Win32:Trojan-gen | 2014.9-160807 |
| AVG | FileCryptor | 2017.0.2658 |
| Bitdefender | Trojan.Agent.BQOT | 1.0.20.1100 |
| Dr.Web | Trojan.Encoder.3905 | 9.0.1.0220 |
| Emsisoft Anti-Malware | Trojan.Agent.BQOT | 8.16.08.07.12 |
| ESET NOD32 | Win32/Injector.CSWX (variant) | 10.13139 |
| Fortinet FortiGate | Malicious_Behavior.VEX.94 | 8/7/2016 |
| F-Secure | Trojan.Agent.BQOT | 11.2016-07-08_1 |
| G Data | Trojan.Agent.BQOT | 16.8.25 |
| IKARUS anti.virus | Trojan.Win32.Injector | t3scan.2.0.8.0 |
| K7 AntiVirus | Trojan | 13.214.18947 |
| Kaspersky | Backdoor.Win32.Androm | 14.0.0.-213 |
| Malwarebytes | Ransom.CryptoWall | v2016.08.07.12 |
| McAfee | Artemis!933841851B65 | 5600.6314 |
| Microsoft Security Essentials | VirTool:Win32/CeeInject | 1.1.12505.0 |
| MicroWorld eScan | Trojan.Agent.BQOT | 17.0.0.660 |
| NANO AntiVirus | Trojan.Win32.Cryptodef.eamqga | 1.0.18.6677 |
| nProtect | Trojan.Agent.BQOT | 16.03.07.01 |
| Panda Antivirus | Trj/cryptowall.B | 16.08.07.12 |
| Qihoo 360 Security | HEUR/QVM07.1.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 [F] | 23.00.65.16805 |
| Sophos | Mal/Zbot-UM | 4.98 |
| Trend Micro | TROJ_GEN.R00UC0DBP16 | 10.465.07 |
| VIPRE Antivirus | Trojan.Win32.Generic | 47716 |
| ViRobot | Trojan.Win32.Agent.712704.H[h] | 2014.3.20.0 |
| Zillya! Antivirus | Backdoor.Androm.Win32.32585 | 2.0.0.2708 |

File size:
696 KB (712,704 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\informacja_o_dzialki_28463aae9683e00c52a5081b24038d100.exe

File PE Metadata
Compilation timestamp:
2/16/2016 4:08:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:9QsADPc8YjAd/wcB/oilYmMtZpICIlnGiNPV9jcRIyVCgmyywzpdzld:SsH8sgwc62Ym+pI7cjgOyGrz

Entry address:
0xE3CE

Entry point:
55, 8B, EC, 6A, FF, 68, 48, 15, 41, 00, 68, 22, E6, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 94, 37, 41, 00, 59, 83, 0D, B8, 28, 41, 00, FF, 83, 0D, C8, 28, 41, 00, FF, FF, 15, 98, 37, 41, 00, 8B, 0D, A4, 28, 41, 00, 89, 08, FF, 15, C4, 37, 41, 00, 8B, 0D, A0, 28, 41, 00, 89, 08, A1, C0, 37, 41, 00, 8B, 00, A3, AC, 28, 41, 00, E8, D0, 01, 00, 00, 39, 1D, 60, 26, 41, 00, 75, 0C, 68, 0C, E6, 40, 00, FF, 15...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
64 KB (65,536 bytes)

The file informacja_o_dzialki_28463aae9683e00c52a5081b24038d100.exe has been seen being distributed by the following URL.