new r2d price changer!!!.exe

The executable new r2d price changer!!!.exe has been detected as malware by 20 anti-virus scanners. The file has been observed being downloaded from download1051.mediafire.com.
MD5: fcd1d3551d5c5c0ae7785af67e58100f
SHA-1: d1a3b7d93ef596960e86115890710b195ff2a366
SHA-256: d42354b271f18a2f42fa65ae7d7130f3c885acd10bab1998b185c341d0e9daa9
Scanner detections: 20 / 68
Status: Malware
Analysis date: 12/27/2024 5:15:14 AM UTC (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.14894601 | 206 |
| Agnitum Outpost | Trojan.PWS.Steam | 7.1.1 |
| Avira AntiVirus | TR/Agent.38400.370 | 8.3.1.6 |
| Arcabit | Trojan.Generic.DE34609 | 1.0.0.425 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-160712 |
| Bitdefender | Trojan.Generic.14894601 | 1.0.20.970 |
| Dr.Web | Trojan.PWS.Steam.628 | 9.0.1.0194 |
| Emsisoft Anti-Malware | Trojan.Generic.14894601 | 8.16.07.12.06 |
| F-Prot | W32/Backdoor2.HWJV | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.14894601 | 11.2016-12-07_3 |
| G Data | Trojan.Generic.14894601 | 16.7.25 |
| McAfee | Artemis!FCD1D3551D5C | 5600.6340 |
| MicroWorld eScan | Trojan.Generic.14894601 | 17.0.0.582 |
| NANO AntiVirus | Trojan.Win32.Steam.dulvle | 0.30.24.2668 |
| nProtect | Trojan/W32.Agent.38400.XE | 15.07.30.01 |
| Qihoo 360 Security | Win32/Trojan.97a | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Banker!6.1146 | 23.00.65.16710 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Banload | 9025 |
| Total Defense | Win32/Tnega.AWMI | 37.1.62.1 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42474 |

File size: 37.5 KB (38,400 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\new r2d price changer!!!.exe

File PE Metadata
Compilation timestamp: 7/30/2014 7:15:11 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows Console
Linker version: 2.50
CTPH (ssdeep): 768:Yl/YMBg3ehsdD3A8c0MOeaUV45Ww3j/V3NA6t:pLdD+0MON593j/pt
Entry address: 0x1000
Entry point: 68, D8, 00, 00, 00, 68, 00, 00, 00, 00, 68, 90, B0, 40, 00, E8, 7C, 21, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, 75, 21, 00, 00, A3, 94, B0, 40, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, 62, 21, 00, 00, A3, 90, B0, 40, 00, E8, BC, 1F, 00, 00, E8, 27, 6C, 00, 00, E8, B9, 5F, 00, 00, E8, ED, 57, 00, 00, E8, DB, 41, 00, 00, E8, 03, 38, 00, 00, E8, AE, 34, 00, 00, E8, 09, 2B, 00, 00, E8, 5D, 28, 00, 00, 68, 07, 00, 00, 00, 68, 30, A2, 40, 00, 8D, 05, 64, B1, 40, 00, 50, 68, 08, 00...
 

Entropy: 6.4269
Packer / compiler: PKLITE32, 0x1.1
Code size: 29 KB (29,696 bytes)

The file new r2d price changer!!!.exe has been seen being distributed by the following URL.
