mu1inativac.exe

frmQualquer

www.microuniversity.com.br

This is a setup program which is used to install the application. The file has been seen being downloaded from dc541.4shared.com and multiple other hosts.

Publisher:
www.microuniversity.com.br

Product:
frmQualquer

Description:
Inativação de Clientes

Version:
1.00.0002

MD5:
937c8c2495369ce8d582427d438dd938

SHA-1:
1708ca487f7e9c5aaa304ea00db63bbc97541294

SHA-256:
be063fe49aa2cdfe87b5d35df69c7dd8bc0d7796c634381dcb08903b4c8266e1

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/24/2024 2:09:27 AM UTC

Scan engine:
Rising Antivirus

Detection:
PE:Trojan.VBInject!1.64FA

Engine version:
23.00.65.16424

File size:
324 KB (331,776 bytes)

Product version:
1.00.0002

Original file name:
mu1inativac.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mu1inativac.exe

File PE Metadata
Compilation timestamp:
11/7/2014 5:24:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:Z0kLP3dMT42Q6O99jNuIOWEdMYDLIqyB7SfTouR9BM8Z5LyuLLyucLHDU4nNMDG6:Z3LP3d2MBQRIV7Sro+bZ

Entry address:
0x22A4

Entry point:
68, F8, 46, 42, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, AA, 78, 60, 9F, 40, DC, B7, 43, 89, 44, 3C, AE, 26, 01, F8, E0, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 30, 34, 36, 7D, 23, 32, 2E, 00, 00, 00, 00, FF, CC, 31, 00, 3C, 63, 1A, 0E, 68, 1F, 10, B5, 42, B3, 66, BA, B6, 74, C5, 95, 2A, BF, 53, 5D, 04, DB, A4, 58, 4B, B4, 20, 0B, BF, CA, 29, 89, 11, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
308 KB (315,392 bytes)

The file mu1inativac.exe has been seen being distributed by the following 2 URLs.
