mensagem 234092308420842.exe

The executable mensagem 234092308420842.exe has been detected as malware by 25 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from bitly.com.
MD5:
c07adeae53d28d71e1039e520ec883c9

SHA-1:
3695e96ea853f3da21cd791225b082901b1ae85b

SHA-256:
77840b46ee7fd66b1da2e893ad0f4bc7c235c898a01d3fe8360384d086614c3d

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
12/24/2024 12:00:47 PM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.Downloader.W32.Gen
2.1.4+

AhnLab V3 Security
Trojan/Win32.Banload
2015.11.13

Avira AntiVirus
TR/Dldr.Delphi.956
8.3.2.2

avast!
Win32:Dropper-gen [Drp]
2014.9-160305

AVG
Downloader.Banload2
2017.0.2814

Baidu Antivirus
Trojan.Win32.Banload
4.0.3.1635

Bitdefender
Gen:Variant.Symmi.57479
1.0.20.325

Emsisoft Anti-Malware
Gen:Variant.Symmi.57479
8.16.03.05.10

ESET NOD32
Win32/TrojanDownloader.Banload.WQT
10.12558

Fortinet FortiGate
W32/Banload.UKZ!tr.dldr
3/5/2016

F-Secure
Gen:Variant.Symmi.57479
11.2016-05-03_7

G Data
Gen:Variant.Symmi.57479
16.3.25

IKARUS anti.virus
Trojan-Downloader.Win32.Banload
t3scan.1.9.5.0

K7 AntiVirus
Trojan-Downloader
13.212.17839

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.563

Malwarebytes
Trojan.Agent
v2016.03.05.10

McAfee
Artemis!C07ADEAE53D2
5600.6470

Microsoft Security Essentials
TrojanDownloader:Win32/Banload!rfn
1.1.12205.0

MicroWorld eScan
Gen:Variant.Symmi.57479
17.0.0.195

Panda Antivirus
Trj/CI.A
16.03.05.10

Qihoo 360 Security
HEUR/QVM05.1.Malware.Gen
1.0.0.1077

Sophos
Mal/Generic-S
4.98

Trend Micro
TROJ_GEN.R011C0DK715
10.465.05

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
45186

File size:
486 KB (497,664 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\mensagem 234092308420842.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:3hZ4GMDrfnMs3qq6jyei3F/19omi05R3:RClfnMsVFeiZJv

Entry address:
0x67690

Entry point:
55, 8B, EC, 83, C4, F0, B8, B0, 73, F8, 07, E8, 0C, EF, F9, FF, A1, 8C, 9C, F8, 07, 8B, 00, E8, 34, A9, FE, FF, A1, 8C, 9C, F8, 07, 8B, 00, C6, 40, 5B, 00, 8B, 0D, 24, 9B, F8, 07, A1, 8C, 9C, F8, 07, 8B, 00, 8B, 15, FC, 6B, F8, 07, E8, 29, A9, FE, FF, A1, 8C, 9C, F8, 07, 8B, 00, E8, 9D, A9, FE, FF, E8, EC, CC, F9, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
410 KB (419,840 bytes)

The file mensagem 234092308420842.exe has been seen being distributed by the following URL.

Remove mensagem 234092308420842.exe - Powered by Reason Core Security