photo_580-www.twitter.com.exe

The application photo_580-www.twitter.com.exe has been detected as a potentially unwanted program by 35 anti-malware scanners. The program is a setup application that uses the Self-extracting archive installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from proxyo.net.
MD5:
839907cf674d2d1a3c318c050a681643

SHA-1:
2b6588cce35c3033ad7690904d392b19af770556

SHA-256:
0601b7cfc5cb896303c081d4990ebece31ac9c3eb0658563f322484cedc896ed

Scanner detections:
35 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 3:15:59 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.246727
358

Agnitum Outpost
Trojan.Inject
7.1.1

AhnLab V3 Security
Trojan/Win32.Jorik
16.02.11

Avira AntiVirus
TR/Graftor.3321549
7.11.151.204

avast!
Win32:FakeImg-D [Trj]
2014.9-160211

AVG
Inject
2017.0.2836

Baidu Antivirus
Trojan.Win32.Generic
4.0.3.16211

Bitdefender
Gen:Variant.Kazy.246727
1.0.20.210

Bkav FE
W32.KeylogVerfyLTAS.Trojan
1.3.0.4959

Clam AntiVirus
Win.Adware.Downware-314
0.98/213

Comodo Security
UnclassifiedMalware
18347

Dr.Web
Trojan.DownLoader10.29331
9.0.1.042

Emsisoft Anti-Malware
Gen:Variant.Kazy.246727
8.16.02.11.07

ESET NOD32
Win32/Injector.AIFY (variant)
10.9857

Fortinet FortiGate
W32/Injector.AIFY
2/11/2016

F-Secure
Gen:Variant.Kazy.246727
11.2016-11-02_5

G Data
Gen:Variant.Kazy.246727
16.2.24

IKARUS anti.virus
Backdoor.Win32.Ruskill
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.178.12212

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.676

Malwarebytes
Backdoor.Bot
v2016.02.11.07

McAfee
RDN/Generic.dx!cp3
5600.6492

Microsoft Security Essentials
Trojan:Win32/Napolar.A
1.10600

MicroWorld eScan
Gen:Variant.Kazy.246727
17.0.0.126

NANO AntiVirus
Trojan.Win32.Graftor.cbbonw
0.28.0.59921

Norman
Troj_Generic.NZQWH
11.20160211

Panda Antivirus
Trj/Genetic.gen
16.02.11.07

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1015

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-GalPic
9329

Trend Micro House Call
TROJ_NAPOLAR.GH
7.2.42

Trend Micro
TROJ_NAPOLAR.GH
10.465.11

Vba32 AntiVirus
Trojan.Inject
3.12.26.0

VIPRE Antivirus
Trojan.Win32.Generic
29680

Zillya! Antivirus
Trojan.Inject.Win32.60796
2.0.0.1803

File size:
338.6 KB (346,677 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Self-extracting archive

Common path:
C:\users\{user}\downloads\photo_580-www.twitter.com.exe

File PE Metadata
Compilation timestamp:
5/13/2013 12:04:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:bHIep0fx8NEUIFX9sMlmeROqjayoiMRIg2bMuhTQW6ZMUmHBgv9:boeO8NvIFXqeRO6xpNbn2V6VB69

Entry address:
0x1D188

Entry point:
E8, F0, 57, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 05, FD, FF, FF, C7, 06, F4, 71, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, F4, 71, 42, 00, E9, BA, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, F4, 71, 42, 00, E8, A7, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 10, CD, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Code size:
148 KB (151,552 bytes)

The file photo_580-www.twitter.com.exe has been seen being distributed by the following URL.

Remove photo_580-www.twitter.com.exe - Powered by Reason Core Security