pakistani-girls-mobile-data.exe

Pakistani Girls Mobile Data

The executable pakistani-girls-mobile-data.exe, “Pakistani Girls Mobile Data 1.9.5 Installation”, has been detected as malware by 11 anti-virus scanners. It is infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receive URLs of additional files to download. The file has been seen being downloaded from onlinestudy.pk.
Publisher:
Pakistani Girls Mobile Data

Description:
Pakistani Girls Mobile Data 1.9.5 Installation

Version:
1.9.5

MD5:
e902118a390dafec55ddd8bcff56af7e

SHA-1:
2a5b1169b05e6b1001e8c317b14e943d8d8298d3

SHA-256:
3524c17cc0d3e82b49588360dd7346994d15aa1e78652868822af4adceaf2bc0

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/27/2024 8:21:30 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:SaliCode | 160518-2 |
| AVG | Win32/Sality | 2015.0.4591 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Trojan.Artemis!C800A563539F | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.223.2192.0 |
| Norman | Win32.Sality.3 | 28.05.2016 15:32:18 |
| VIPRE Antivirus | Threat.4721115 | 50170 |

File size:
272.1 KB (278,588 bytes)

Copyright:
Pakistani Girls Mobile Data

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pakistani-girls-mobile-data.exe

File PE Metadata
Compilation timestamp:
6/20/1992 3:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:yZABbWqsE/Ao+mv8Qv0LVmwq4FU00oy6XmONdIL/7qhTMFai:0ANwRo+mv8QD4+0016XVPzhT8X

Entry address:
0x25468

Entry point:
60, E8, 00, 00, 00, 00, 5A, 00, C5, 0F, C1, EE, 0F, C1, CD, 84, C1, 2C, DA, 8D, 05, 5B, E2, C4, 1C, 33, FF, 2B, DB, 20, D0, 85, DD, 81, F3, 65, 00, 00, 00, C0, E4, AD, 69, DB, BD, 02, 00, 00, 20, C5, B9, D3, F1, 57, 6F, 0F, C1, DA, C0, D8, E7, 81, EA, 46, 0A, 00, 00, 52, C3, FF, A1, 40, 88, 42, 00, E8, AC, 4E, FE, FF, E8, DF, E0, FD, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.1725

Packer / compiler:
ASPack v1.08.04

Code size:
145.5 KB (148,992 bytes)

The file pakistani-girls-mobile-data.exe has been seen being distributed by the following URL.
