mensagem 20129923834934935.exe

The executable mensagem 20129923834934935.exe has been detected as malware by 10 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from bitly.com.
MD5:
1df797ef95db8f97d59c5035cd275203

SHA-1:
13aa1061e45d30ff2a48f13d58e814968bc0c211

SHA-256:
05b50932e48ee5809b35021c12a88239a5ccef8cf2fbc4f3ef439c5808529763

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
12/24/2024 11:40:56 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AegisLab AV Signature | Troj.Downloader.W32.Gen | 2.1.4+ |
| AhnLab V3 Security | Trojan/Win32.Banload | 2015.11.04 |
| ESET NOD32 | Win32/TrojanDownloader.Banload.WEO (variant) | 10.12511 |
| Fortinet FortiGate | W32/Banload.UKZ!tr.dldr | 4/28/2016 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.290 |
| Malwarebytes | Trojan.Banker.RND | v2016.04.28.11 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Banload.BCY | 1.1.12205.0 |
| Rising Antivirus | PE:Hack.Win32.Agent.dc!1393754 [F] | 23.00.65.16426 |
| Sophos | Troj/Delf-FYK | 4.98 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |

File size:
544 KB (557,056 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mensagem 20129923834934935.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:tLdcfZjcg9IBrbPF16HlDqqr/3HoYvfqkoo7pZ1rVWcDc8MvGNr7qy3hDQ2zds/E:tIZjcgQfP+pqxMlrrMHC7z3F6BDDS

Entry address:
0x7467C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 14, 43, F9, 07, E8, C0, 20, F9, FF, A1, F0, 70, F9, 07, 8B, 00, E8, 9C, E4, FD, FF, A1, F0, 70, F9, 07, 8B, 00, C6, 40, 5B, 00, 8B, 0D, F8, 72, F9, 07, A1, F0, 70, F9, 07, 8B, 00, 8B, 15, 70, 3B, F9, 07, E8, 91, E4, FD, FF, A1, F0, 70, F9, 07, 8B, 00, E8, 05, E5, FD, FF, E8, 6C, FD, F8, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
462 KB (473,088 bytes)

The file mensagem 20129923834934935.exe has been seen being distributed by the following URL.
