narracão brasfoot - cleber machado.exe

Www.managersnet.rg.com.br - Narração Cleber Machado Install ProgramoductVersion

The executable narracão brasfoot - cleber machado.exe has been detected as malware by 3 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from dc612.4shared.com.

Product:
Www.managersnet.rg.com.br - Narração Cleber Machado Install ProgramoductVersion

Version:
2, 0, 0, 26

MD5:
adbb114cad698fcf9774698af5c8365e

SHA-1:
38e659d656726ee9d7e8b49817a2403e2febaba1

SHA-256:
56f629151e1c76f9c1821ed879ff61e2125f90e8c3e4f61d1df322ed566cb3ec

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/25/2024 6:33:35 PM UTC

Scan engine         Detection        Engine version
Fortinet FortiGate  suspicious       5/8/2016
F-Secure            W32/VBTroj.EQE   11.2016-08-05_1
Norman              W32/VBTroj.EQE   11.20160508

File size:
1015.5 KB (1,039,890 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\narracão brasfoot - cleber machado.exe

File PE Metadata
Compilation timestamp:
12/13/2006 7:11:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:raMMhJK/Y/4oESRxbYp5CBtMQ5AfiahTzT58k4eB:WJPKg/GQYPIqQ5AKaVGkrB

Entry address:
0x24850

Entry point:
60, BE, 00, 70, 41, 00, 8D, BE, 00, A0, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 
Packer / compiler:
UPX 2.90LZMA

Code size:
56 KB (57,344 bytes)

The file narracão brasfoot - cleber machado.exe has been seen being distributed by the following URL.

Remove narracão brasfoot - cleber machado.exe - Powered by Reason Core Security