home

kaspersky.rectordecryptor_idg_downloader_109537_pc.exe

The executable kaspersky.rectordecryptor_idg_downloader_109537_pc.exe has been detected as malware by 10 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.idg.pl and multiple other hosts.
Description:
setup

Version:
2.2.3.4

MD5:
40f2d6191bea2f8fee589cb1185b5dac

SHA-1:
f5725f86ec91b3bdbda65fc73ee5934c715e7815

SHA-256:
ac2df6a6161ac9327343c987c87395297b19332539ce8742d14914a3699776fe

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/5/2024 6:51:03 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Trojan.Win32.PCWorldPLoader
4.0.3.131225

Bkav FE
W32.Clod682.Trojan
1.3.0.4677

Dr.Web
DLOADER.Trojan
9.0.1.0359

ESET NOD32
Win32/PCWorldPLoader (variant)
7.9298

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.2.2.29

K7 AntiVirus
Trojan
13.175.10867

McAfee
Artemis!40F2D6191BEA
5600.7270

Sophos
Generic PUA PF
4.96

Trend Micro House Call
TROJ_GEN.R0CBOH0A614
7.2.359

VIPRE Antivirus
Trojan.Win32.Generic
25474

File size:
1.3 MB (1,381,888 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Polish (Poland)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\kaspersky.rectordecryptor_idg_downloader_109537_pc.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:1SJkswnGx1k0Gi5oGX0SWmQ90dgrcGU5v8z/HTW1c0C/3:EnwjGEX0dgrc4PTeq3

Entry address:
0xD2E18

Entry point:
55, 8B, EC, 83, C4, F0, B8, 7C, 0C, 4D, 00, E8, 28, 45, F3, FF, A1, 8C, A0, 4D, 00, 8B, 00, E8, C4, 0E, F9, FF, A1, 8C, A0, 4D, 00, 8B, 00, BA, 90, 2E, 4D, 00, E8, 33, 09, F9, FF, 8B, 0D, 40, A2, 4D, 00, A1, 8C, A0, 4D, 00, 8B, 00, 8B, 15, 98, 7C, 4C, 00, E8, B3, 0E, F9, FF, 8B, 0D, 94, A2, 4D, 00, A1, 8C, A0, 4D, 00, 8B, 00, 8B, 15, F0, 5D, 4C, 00, E8, 9B, 0E, F9, FF, A1, 8C, A0, 4D, 00, 8B, 00, E8, 0F, 0F, F9, FF, E8, AA, 1F, F3, FF, 00, 00, FF, FF, FF, FF, 13, 00, 00, 00, 50, 43, 20, 57, 6F, 72, 6C, 64...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
836.5 KB (856,576 bytes)

The file kaspersky.rectordecryptor_idg_downloader_109537_pc.exe has been seen being distributed by the following 18 URLs.

http://www.idg.pl/ftp/downloader/.../18927.html

http://www.idg.pl/ftp/downloader/.../34130.html

http://www.pcworld.pl/ftp/downloader/.../841.html

http://www.pcworld.pl/ftp/downloader/.../33120.html

http://www.idg.pl/ftp/downloader/.../998.html

http://www.pcworld.pl/ftp/downloader/.../21059.html

http://www.pcworld.pl/ftp/downloader/.../12698.html

http://www.pcworld.pl/ftp/downloader/.../27855.html

http://www.idg.pl/ftp/downloader/.../23763.html

http://www.idg.pl/ftp/downloader/.../9171.html

http://www.idg.pl/ftp/downloader/.../12699.html

http://www.idg.pl/ftp/downloader/.../841.html

http://www.pcworld.pl/ftp/downloader/.../9861.html

http://www.pcworld.pl/ftp/downloader/.../64513.html

http://www.idg.pl/ftp/downloader/.../3296.html

http://www.idg.pl/ftp/downloader/.../13609.html

http://www.gamestar.pl/ftp/downloader/.../914.html

http://www.idg.pl/ftp/downloader/.../1401.html

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.