home

mis_clientes.exe

Mis Clientes

The executable mis_clientes.exe, “Mis Clientes Setup ” has been detected as malware by 6 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.lucianoaibar.com.
Product:
Mis Clientes

Description:
Mis Clientes Setup

Version:
3.02

MD5:
049be84f280acefffe975cde3f5cb726

SHA-1:
6d2d2f5d6fff7a072f7a6143e07ebec87ce57117

SHA-256:
6c003774f6d5713c4699dc10e67a3fffaae2b31db76c75392548e92997679d7e

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/27/2024 8:55:14 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Oncer
160414-2

AVG
Win32/Chir.B@mm
2015.0.4604

ESET NOD32
Win32/Chir.B virus
8.0.319.0

F-Prot
W32/Thecid.B@mm
4.6.5.141

Microsoft Security Essentials
Threat.Undefined
1.225.2377.0

Norman
Win32.Runouce.B@mm
28.05.2016 15:32:18

File size:
391.7 KB (401,052 bytes)

Product version:
3.02

Copyright:
www.lucianoaibar.com

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\mis_clientes.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:mQiGNc5F/L1J4+MBTlPadSfXioRcpMXVJo:mQiAcPjLMBTlP0QjcpMXVJo

Entry address:
0x662A0

Entry point:
60, E8, E6, 19, 00, 00, 8B, 74, 24, 20, E8, 08, 00, 00, 00, 61, 68, F8, A5, 40, 00, C3, E9, 59, E8, 01, 16, 00, 00, 81, E6, 00, F0, FF, FF, 81, EE, 00, 10, 00, 00, 66, 81, 3E, 4D, 5A, 75, F3, 0F, B7, 7E, 3C, 03, FE, 8B, 6F, 78, 03, EE, 8B, 5D, 20, 03, DE, 33, C0, 8B, D6, 83, C3, 04, 40, 8B, 3B, 03, FA, E8, 0F, 00, 00, 00, 47, 65, 74, 50, 72, 6F, 63, 41, 64, 64, 72, 65, 73, 73, 00, 5E, 33, C9, B1, 0F, FC, F3, A6, 75, DA, 8B, F2, 8B, 5D, 24, 03, DE, 0F, B7, 0C, 43, 8B, 5D, 1C, 03, DE, 8B, 1C, 8B, 03, DE, 81...
 
[+]

Packer / compiler:
ASPack v1.08.04

Code size:
39.5 KB (40,448 bytes)

The file mis_clientes.exe has been seen being distributed by the following URL.

http://www.lucianoaibar.com/.../mis_clientes.exe

Remove mis_clientes.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.