order_report_423489237498237982234234231.exe

The executable order_report_423489237498237982234234231.exe has been detected as malware by 30 anti-virus scanners. The file has been seen being downloaded from btmail.bt.com.
Version: 32.125.87.40

MD5: ac1ddfc5d4341cf113e97d06543d42a5

SHA-1: e06a0fbe2c10fed1f1d45ed4e418be99ef8f27de

SHA-256: bcda3de45323e7349013006aaf761096da4f040803cfcf5d4d5bfc0a75c05e3c

Scanner detections: 30 / 68

Status: Malware

Analysis date: 1/16/2025 1:46:03 AM UTC

Scan engine                    Detection                                   Engine version
Lavasoft Ad-Aware              Trojan.GenericKD.1947382                    819
AegisLab AV Signature          Win.Troj.Agent                              2.1.4+
AhnLab V3 Security             Malware/Win32.Generic                       2014.11.06
Avira AntiVirus                TR/Gamarue.A.875                            7.11.183.62
avast!                         Win32:Trojan-gen                            2014.9-141107
AVG                            MSIL5                                       2015.0.3297
Baidu Antivirus                Backdoor.Win32.Androm                       4.0.3.14117
Bitdefender                    Trojan.GenericKD.1947382                    1.0.20.1555
Comodo Security                UnclassifiedMalware                         19997
Dr.Web                         BackDoor.Andromeda.404                      9.0.1.0311
Emsisoft Anti-Malware          Trojan.GenericKD.1947382                    8.14.11.07.03
ESET NOD32                     MSIL/Injector.FZQ (variant)                 8.10675
Fortinet FortiGate             W32/Androm.ANY!tr.bdr                       11/7/2014
F-Secure                       Trojan-Downloader:W32/Wauchos.E             11.2014-07-11_6
G Data                         Trojan.GenericKD.1947382                    14.11.24
IKARUS anti.virus              Trojan.MSIL.Inject                          t3scan.1.8.3.0
K7 AntiVirus                   Trojan                                      13.185.13888
Kaspersky                      Backdoor.Win32.Androm                       14.0.0.2982
Malwarebytes                   Trojan.MSIL.Injector                        v2014.11.07.03
McAfee                         RDN/Generic BackDoor!b2k                    5600.6953
Microsoft Security Essentials  Worm:Win32/Gamarue.AN                       1.11104
Norman                         Sharik.F                                    11.20141107
nProtect                       Trojan.GenericKD.1947382                    14.11.05.01
Quick Heal                     Backdoor.Androm.r3                          11.14.14.00
Rising Antivirus               PE:Trojan.Win32.Generic.178C718F!395080079  23.00.65.141105
Sophos                         Troj/Msil-ANY                               4.98
Trend Micro House Call         TROJ_SPNR.11K414                            7.2.311
Trend Micro                    TROJ_SPNR.11K414                            10.465.07
VIPRE Antivirus                Trojan.Win32.Generic                        34536
Zillya! Antivirus              Backdoor.Androm.Win32.12472                 2.0.0.1976

File size: 72 KB (73,728 bytes)

Product version: 32.125.87.40

Copyright: YZMHUBeV (C) eUtzVkOmsC

Original file name: lZTgnsQSz.exe

File type: Executable application (Win32 EXE)

Language: Language Neutral

Common path: C:\users\{user}\downloads\order_report_423489237498237982234234231.exe

File PE Metadata

Compilation timestamp: 11/4/2006 1:18:50 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 8.0

.NET CLR dependent: Yes

CTPH (ssdeep): 768:8/DPqoYVsuZGdUe5odyFSZu0aL/KDJJLg/UTdQmPmU65+LjiWzArPmRKCvnsjmZ3:0ssiG+HUkX/zPmBlW6iDP1oPaBkoSol

Entry address: 0xF5CE

Entry point: FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 03, 00, 03, 00, 00, 00, 28, 00, 00, 80, 0E, 00, 00, 00, 40, 00, 00, 80, 10, 00, 00, 00, 58, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 02, 00, 00, 00, 70, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy: 6.5972

Developed / compiled with: Microsoft Visual C# / Basic .NET

Code size: 53.5 KB (54,784 bytes)

The file order_report_423489237498237982234234231.exe has been seen being distributed by the following URL.
