planilha_pt.exe

WINDOWS NT

WINDOWS 2016

The executable planilha_pt.exe has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from bitly.com.
Publisher:
WINDOWS 2016

Product:
WINDOWS NT

Description:
WINDOWS 2016

Version:
2.0.0.0

MD5:
4801aaab44f202f69f7f626759475925

SHA-1:
fc1108d51474499f1cb375a8e1224f0183bb562c

SHA-256:
eb988924d3d1b5293d088bf54a89acf82441e6e45907ff2839d5cbfa345f8aec

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
12/24/2024 11:23:16 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Troj.W32.Gen.lXRd | 2.1.4+ |
| AhnLab V3 Security | Trojan/Win32.MSIL | 2016.04.20 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.16419 |
| ESET NOD32 | MSIL/Spy.Banker.DO (variant) | 10.13360 |
| Fortinet FortiGate | MSIL/SpyBanker.DN!tr | 4/19/2016 |
| Kaspersky | Trojan-Spy.MSIL.Tpyn | 14.0.0.335 |
| Qihoo 360 Security | HEUR/QVM03.0.0000.Malware.Gen | 1.0.0.1120 |

File size:
1.1 MB (1,134,592 bytes)

Product version:
2.0.0.0

Copyright:
Copyright © 2018

Original file name:
NOVO_LOAD_FANDANGOS_44.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\planilha_pt.exe

File PE Metadata
Compilation timestamp:
4/19/2016 3:26:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:rxL9LG9wQrUhkb7sUhWhT7I+zvSnmuhmEoS+oejP6V/a6iVoT4baN/efMjUWPXFY:rxL9a9drUhkb7sUkhXBTSZmEoS+ozV9U

Entry address:
0x115BDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 47, 78, 16, 57, 00, 00, 00, 00, 02, 00, 00, 00, 8A, 00, 00, 00, 1C, 60, 11, 00, 1C, 40, 11, 00, 52, 53, 44, 53, AC, 31, 47, AC, B1, 01, 54, 45, 9E, 50, 51, C6, 2F, EB, 6C, FD, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 4D, 61, 72, 69, 61, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C, 56, 69, 73, 75, 61, 6C, 20, 53, 74, 75, 64, 69, 6F, 20, 32, 30, 30...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,129,472 bytes)

The file planilha_pt.exe has been seen being distributed by the following URL.
