mu1recados.exe

Envio de Recados

www.microuniversity.com.br

This is a setup program which is used to install the application. The file has been seen being downloaded from dc270.4shared.com.
Publisher:
www.microuniversity.com.br

Product:
Envio de Recados

Version:
1.00.0004

MD5:
2dc580a9b777292cd7dd521386e6becd

SHA-1:
cd4eec5bb67a1db579a60c9d95bb2d87fd5e44b5

SHA-256:
59b7ef0022bd5b42f382dd21cbf775940063edbdf505594acc213b620f675bc8

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/24/2024 12:10:36 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.VBInject!1.64FA | 23.00.65.16424 |

File size:
388 KB (397,312 bytes)

Product version:
1.00.0004

Original file name:
mu1recados.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\mu1recados.exe

File PE Metadata
Compilation timestamp:
11/7/2014 5:31:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:aih2KmwUM6M5MkB6udx+uAHpLnoJ2hlOVS8n+O:a3KuM6M5Mwdfg7oTn+O

Entry address:
0x293C

Entry point:
68, 5C, 8C, 42, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 20, AA, 85, 52, 9C, AB, D3, 41, 8C, 07, DE, 3C, DF, 23, 60, 3B, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 30, 34, 36, 7D, 23, 32, 2E, 00, 00, 00, 00, FF, CC, 31, 00, 30, ED, E1, 4E, 14, 91, 6F, F6, 40, 9A, B2, AE, 62, 2A, D3, 02, 8D, A3, 24, F3, 3A, C1, C0, 93, 44, A6, 46, 74, B7, 1B, 65, 26, C8, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
376 KB (385,024 bytes)

The file mu1recados.exe has been seen being distributed by the following URL.
