inquerito_dgfrgaa664-12-2015.exe

The executable inquerito_dgfrgaa664-12-2015.exe has been detected as malware by 27 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from 1drv.ms.
MD5:
0fd5514ba78c7c018023b64a3a0a8889

SHA-1:
b24d61fe7e85d69cf26a87e12787a17c687da214

SHA-256:
d0c6829b7a0816beaf86b0ffb4ce39cb5372f98507e139dd4ba0254226cc669e

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
12/24/2024 4:34:27 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Generic.Starter.3.83A72954
386

Avira AntiVirus
TR/Dldr.Agent.247941
8.3.2.4

Arcabit
Generic.Starter.3.83A72954
1.0.0.629

avast!
Win32:Banker-MON [Trj]
2014.9-160114

AVG
MSIL9
2017.0.2864

Baidu Antivirus
Trojan.MSIL.Banker
4.0.3.16114

Bitdefender
Generic.Starter.3.83A72954
1.0.20.70

Dr.Web
Trojan.DownLoader17.64880
9.0.1.014

Emsisoft Anti-Malware
Generic.Starter.3.83A72954
8.16.01.14.12

ESET NOD32
MSIL/Spy.Banker.DE (variant)
10.12728

Fortinet FortiGate
MSIL/Banker.DE!tr
1/14/2016

F-Secure
Gen:Variant.Zusy.172066
11.2016-14-01_5

G Data
Generic.Starter.3.83A72954
16.1.25

IKARUS anti.virus
Trojan.MSIL.Spy
t3scan.1.9.5.0

K7 AntiVirus
Spyware
13.212.18116

Kaspersky
HEUR:Trojan-Downloader.Script.Generic
14.0.0.817

Malwarebytes
Trojan.Banker.PJT
v2016.01.14.12

McAfee
RDN/Generic PWS.y
5600.6520

Microsoft Security Essentials
Trojan:Win32/Dynamer!ac
1.1.12300.0

MicroWorld eScan
Generic.Starter.3.83A72954
17.0.0.42

NANO AntiVirus
Trojan.Win32.DownLoader17.dzcewb
1.0.10.5081

nProtect
Generic.Starter.3.83A72954
15.12.15.01

Panda Antivirus
Trj/CI.A
16.01.14.12

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1077

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16112

Sophos
Troj/RarMal-LL
4.98

VIPRE Antivirus
Trojan.Win32.Generic
45868

File size:
242.8 KB (248,603 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\inquerito_dgfrgaa664-12-2015.exe

File PE Metadata
Compilation timestamp:
3/18/2014 5:41:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:lzcAnwjVgKm4Qkx6yUbEBgDdo3aBYicsf:lzcAnc21r26yUYBmYit

Entry address:
0x1D95B

Entry point:
E8, 5D, 64, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 7A, FC, FF, FF, C7, 06, F0, B1, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, F0, B1, 42, 00, E9, 2F, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, F0, B1, 42, 00, E8, 1C, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 82, C9, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Code size:
163 KB (166,912 bytes)

The file inquerito_dgfrgaa664-12-2015.exe has been seen being distributed by the following URL.

Remove inquerito_dgfrgaa664-12-2015.exe - Powered by Reason Core Security