mu1reldesvtur.exe

frmQualquer

www.microuniversity.com.br

This is a setup program which is used to install the application. The file has been seen being downloaded from dc652.4shared.com and multiple other hosts.
Publisher:
www.microuniversity.com.br

Product:
frmQualquer

Description:
Relação de Desvinculados

Version:
1.00.0003

MD5:
c807b3d54f803b61a9159bb69652cf18

SHA-1:
0b99dc491fe6eeaa63d8776eb648f743564bb7f0

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/5/2024 11:35:26 AM UTC  (today)

Scan engine
Detection
Engine version

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Rising Antivirus
PE:Trojan.VBInject!1.64FA
23.00.65.16517

File size:
320 KB (327,680 bytes)

Product version:
1.00.0003

Original file name:
mu1reldesvtur.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\mu1reldesvtur.exe

File PE Metadata
Compilation timestamp:
11/8/2014 12:27:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:5douZ1qIT42Q6O9kjND+FPuQYZkHES2/kGi8Gcdfi2/mzyaglJzf7XdO5kdO5zdm:5qI1qatBD+FwkoGOfNmzyaMNf72inX6

Entry address:
0x2344

Entry point:
68, C4, 36, 42, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 96, AF, A2, 73, C1, B2, 99, 44, 81, 7B, A6, A7, F5, 96, 9F, C1, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 62, 61, 6C, 4E, 61, 6D, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 46, 61, 6C, 73, 65, 0D, 0A, 00, 00, 00, 00, FF, CC, 31, 00, 1C, F2, FD, BF, 91, A7, 34, 10, 44, 9E, 06, 4F, FC, 54, CB, 80, 19, 27, 41, A5, 7F, E5, 70, 9C, 4B, 80, D6, 76, 38, D2, 2B, C1, 80, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
304 KB (311,296 bytes)

The file mu1reldesvtur.exe has been seen being distributed by the following 2 URLs.

Scan mu1reldesvtur.exe - Powered by Reason Core Security