nf-was00003763677353520000000016br.exe

The executable nf-was00003763677353520000000016br.exe has been detected as malware by 27 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from bitly.com.
MD5: 41835b362740720e6cc940660b2b792f
SHA-1: 0cbb32bceddd71c22abc58a0a4dba1fbea2b0690
SHA-256: 280cb6199b93f0c5aa2e602adcb83626197f62f2ffa2638e17d666d739e429e3
Scanner detections: 27 / 68
Status: Malware
Analysis date: 12/24/2024 11:54:32 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.3404665 | 182 |
| AegisLab AV Signature | Suspicious.Cloud.Gen!c | 2.1.4+ |
| AhnLab V3 Security | Downloader/Win32.Banload.N2047385841 | 3.7.5.15 |
| Avira AntiVirus | TR/Downloader.kusf | 8.3.3.4 |
| Arcabit | Trojan.Generic.D33F379 | 1.0.0.741 |
| avast! | Win32:Trojan-gen | 2014.9-160806 |
| AVG | Downloader.Banload2 | 2017.0.2660 |
| Bitdefender | Trojan.GenericKD.3404665 | 1.0.20.1095 |
| Bkav FE | W32.Clod393.Trojan | 1.3.0.8108 |
| Emsisoft Anti-Malware | Trojan.GenericKD.3404665 | 8.16.08.06.12 |
| ESET NOD32 | Win32/TrojanDownloader.Banload.XKU (variant) | 10.13871 |
| F-Secure | Trojan.GenericKD.3404665 | 11.2016-06-08_7 |
| G Data | Trojan.GenericKD.3404665 | 16.8.25 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Banload | t3scan.2.1.6.0 |
| K7 AntiVirus | Trojan-Downloader | 13.235.20375 |
| Kaspersky | Trojan-Downloader.Win32.Banload | 14.0.0.-205 |
| Malwarebytes | Trojan.Banker | v2016.08.06.12 |
| McAfee | Generic.yk | 5600.6316 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Banload | 1.1.12902.0 |
| MicroWorld eScan | Trojan.GenericKD.3404665 | 17.0.0.657 |
| nProtect | Trojan.GenericKD.3404665 | 16.07.27.01 |
| Panda Antivirus | Trj/Genetic.gen | 16.08.06.12 |
| Quick Heal | TrojanDownloader.Banload | 8.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R02KC0CGH16 | 10.465.06 |
| VIPRE Antivirus | Trojan.Win32.Generic | 51166 |
| Zillya! Antivirus | Downloader.Banload.Win32.73617 | 2.0.0.2981 |

File size: 808 KB (827,392 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\nf-was00003763677353520000000016br.exe

File PE Metadata

Compilation timestamp: 7/13/2016 12:51:42 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 12288:+T9q7fU3p1470wkp36Wc0O6XEjbc8AnlDzgRnnrm3Zxcyqre07zoT+soW/lsWLyt:+T9qjs/x7y6/zlCrmLc7JzI+sr/lszX
Entry address: 0x1000
Entry point:
B8, C0, E8, 6F, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 13, 5F, AC, 93, F6, DA, 0E, 49, B8, 88, 70, B9, 7F, 02, E4, D4, E7, A3, 09, EC, C0, 98, A1, 5C, B1, A8, F6, E3, C3, 31, 09, CF, 1F, C1, 4E, AB, B4, 5C, ED, 5C, 9F, 7F, 67, 31, 46, 42, 2A, F2, AE, C0, 51, E7, 04, 3B, B8, 82, D5, 97, 37, 7C, 93, 78, 0D, 1B, 57, 90, E9, A5, 95, D9, 44, 96, 60, DD, 40, F4, C1, F9, 67, 8C, 66, A6, EB, 35, FD, 1D, 17, 29, D6, 74, 16, EA, 22...

Packer / compiler: PECompact v2
Code size: 2.5 MB (2,636,800 bytes)

The file nf-was00003763677353520000000016br.exe has been seen being distributed by the following URL.
