penguin icycle 3.4 beta.exe

The executable penguin icycle 3.4 beta.exe has been detected as malware by 23 anti-virus scanners. The file has been seen being downloaded from download757.mediafire.com.
MD5: 719df962b3fc63e72ded6941c4e72fa7
SHA-1: 33808d2ac1973e4f837e31e773ee795762ae784d
SHA-256: 3392dda043a61f1643c4c46b0492fb91ef967044243d5994d59029825dd19b3e
Scanner detections: 23 / 68
Status: Malware
Analysis date: 12/26/2024 12:07:14 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.3002515 | 236
Agnitum Outpost | Packed/MEW | 7.1.1
Avira AntiVirus | TR/Gendal.1195044 | 7.11.153.178
avast! | Win32:Malware-gen | 2014.9-160613
AVG | mew | 2017.0.2714
Bitdefender | Trojan.Generic.3002515 | 1.0.20.825
Comodo Security | Packed.Win32.Packer.~GEN | 18463
Emsisoft Anti-Malware | Trojan.Generic.3002515 | 8.16.06.13.01
F-Prot | W32/Heuristic-210 | v6.4.7.1.166
F-Secure | Trojan.Generic.3002515 | 11.2016-13-06_2
G Data | Trojan.Generic.3002515 | 16.6.24
K7 AntiVirus | Trojan | 13.1712333
Malwarebytes | Backdoor.Bot | v2016.06.13.01
McAfee | Artemis!719DF962B3FC | 5600.6370
MicroWorld eScan | Trojan.Generic.3002515 | 17.0.0.495
Norman | Suspicious_M.gen | 11.20160613
nProtect | Trojan.Generic.3002515 | 14.06.05.01
Panda Antivirus | Trj/CI.A | 16.06.13.01
Qihoo 360 Security | HEUR/Malware.QVM18.Gen | 1.0.0.1015
Sophos | Mal/EncPk-BA | 4.98
Trend Micro House Call | TROJ_GEN.F47V0605 | 7.2.165
Trend Micro | Cryp_MEW-11 | 10.465.13
VIPRE Antivirus | Trojan.Win32.Generic | 30038

File size: 1.1 MB (1,195,044 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\penguin icycle 3.4 beta.exe

File PE Metadata
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
CTPH (ssdeep): 24576:eCkgFRlzXtAB/sNUtr15koefJ65AV3HD/xn9izmDgQ:eYlMtKzfJ65y3HD/xnIzmDB
Entry address: 0xE3CA0B
Entry point: E9, 44, 37, 1C, FF, 0C, 90, D1, 00, 00, 00, 00, 00, 00, 00, 00, 00, E2, C9, E3, 00, 0C, 90, D1, 00...
Entropy: 6.3871
Packer / compiler: RLPack FullEdition V1.1X
Code size: 512 bytes

The file penguin icycle 3.4 beta.exe has been seen being distributed by the following URL.

Remove penguin icycle 3.4 beta.exe - Powered by Reason Core Security