mr.diaa_2.exe

HaKeD COC

The executable mr.diaa_2.exe has been detected as malware by 24 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from download1086.mediafire.com and multiple other hosts.

Publisher:
Microsoft*  (Invalid match)

Product:
HaKeD COC

Version:
1.0.0.0

MD5:
4e9c99951b9300684aa2125b8693570c

SHA-1:
f058feb185dfd1bd1d486462ca1f739c6bdcf9db

SHA-256:
c67a5d33307eaa5e911a68add23d3b23506cb056347fcdbc8eb712902b6a622a

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
12/25/2024 3:27:51 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.12064847 | 386
Agnitum Outpost | Trojan.PWS.Agent | 7.1.1
Avira AntiVirus | TR/Spy.Gen | 7.11.200.24
avast! | Win32:Malware-gen | 2014.9-160114
AVG | PSW.MSIL | 2017.0.2864
Baidu Antivirus | Trojan.MSIL.InfoStealer | 4.0.3.16114
Bitdefender | Trojan.Generic.12064847 | 1.0.20.70
Comodo Security | UnclassifiedMalware | 20646
Emsisoft Anti-Malware | Trojan.Generic.12064847 | 8.16.01.14.02
ESET NOD32 | MSIL/PSW.Agent.NYI (variant) | 10.10984
Fortinet FortiGate | MSIL/Agent.OFU!tr | 1/14/2016
F-Secure | Trojan.Generic.12064847 | 11.2016-14-01_5
G Data | Trojan.Generic.12064847 | 16.1.24
IKARUS anti.virus | Trojan.MSIL.PSW | t3scan.1.8.6.0
K7 AntiVirus | Password-Stealer | 13.190.14585
McAfee | Artemis!4E9C99951B93 | 5600.6520
MicroWorld eScan | Trojan.Generic.12064847 | 17.0.0.42
NANO AntiVirus | Trojan.Win32.Agent.diopia | 0.30.0.64448
Norman | Suspicious_Gen4.HFFKV | 11.20160114
nProtect | Trojan.Generic.12064847 | 15.01.08.01
Panda Antivirus | Trj/Sharik.B | 16.01.14.02
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.R047C0EK914 | 7.2.14
VIPRE Antivirus | Trojan.Win32.Generic | 36486

File size:
440 KB (450,560 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2014

Original file name:
Mr.Diaa.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\programs\mr.diaa_2.exe

File PE Metadata
Compilation timestamp:
8/7/2014 3:58:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:aARXUQNv7JVLlxBi2sUIZd1lhePV2umBVgMUX/6Rqn:DR9TJVBsx1cV2uEUv6Q

Entry address:
0x6EA5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.6346

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
435 KB (445,440 bytes)

The file mr.diaa_2.exe has been seen being distributed by the following 4 URLs.

http://download1086.mediafire.com/rkow85ig28vg/.../Mr.Diaa.exe

http://download1086.mediafire.com/cr29w5f78seg/.../Mr.Diaa.exe
