privatevid8564345-mp4.exe

The executable privatevid8564345-mp4.exe has been detected as malware by 25 of 68 anti-virus scanners. It is packaged as a setup-style program (ESET classifies it as a dropper), and its name imitates an MP4 video while the file is a Win32 executable, a standard fake-extension lure. Two engines (Dr.Web, NANO) place it in a Facebook-themed trojan family and four others (avast!, Baidu, Kaspersky, Microsoft) match on script content, so expect it to write out and run a further payload rather than install a legitimate application. The file has been seen being downloaded from docs.google.com (Google Drive direct-download links) and multiple other hosts.
MD5:
bbc6840d248b78aac7991e33dfe6d4b3

SHA-1:
b362129de48c9cf5d9de5db42afa079b43604ac7

SHA-256:
b22c2f44bf73d7f5e1cc9afcc09458ab0befea54c4e60f2cb54aedbc99fdc4e3

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
11/17/2024 11:34:51 PM UTC

Scan engine                    Detection                                    Engine version
Lavasoft Ad-Aware              Gen:Variant.Graftor.150559                   900
Avira AntiVirus                TR/Graftor.150559.2                          7.11.167.202
avast!                         JS:Agent-DDH [Trj]                           2014.9-140818
AVG                            SHeur4                                       2015.0.3378
Baidu Antivirus                Trojan.Script.Generic                        4.0.3.14818
Bitdefender                    Gen:Variant.Graftor.150559                   1.0.20.1150
Bkav FE                        HW32.InfFil                                  1.3.0.4959
Comodo Security                UnclassifiedMalware                          19229
Dr.Web                         Trojan.Facebook.313                          9.0.1.0230
Emsisoft Anti-Malware          Gen:Variant.Graftor.150559                   8.14.08.18.03
ESET NOD32                     Win32/TrojanDropper.Delf.OGG                 8.10271
F-Secure                       Gen:Variant.Graftor.150559                   11.2014-18-08_2
G Data                         Gen:Variant.Graftor.150559                   14.8.24
IKARUS anti.virus              Trojan-PSW.Win32.Agent                       t3scan.1.7.5.0
K7 AntiVirus                   Backdoor                                     13.183.13054
Kaspersky                      HEUR:Trojan.Script.Generic                   14.0.0.3387
Malwarebytes                   Trojan.Downloader.FMP                        v2014.08.18.03
McAfee                         Artemis!BBC6840D248B                         5600.7034
Microsoft Security Essentials  Trojan:JS/Sorac.A                            1.10802
MicroWorld eScan               Gen:Variant.Graftor.150559                   15.0.0.690
NANO AntiVirus                 Trojan.Win32.Facebook.ddwcaa                 0.28.2.61519
Norman                         Troj_Generic.VJLAQ                           11.20140818
Qihoo 360 Security             Win32/Trojan.71c                             1.0.0.1015
Rising Antivirus               PE:Trojan.Win32.Generic.172714B4!388437172   23.00.65.14816
Trend Micro House Call         TROJ_GEN.R047B01HH14                         7.2.230

Note: McAfee's Artemis!BBC6840D248B is a cloud (hash-based) verdict keyed on the first 12 hex digits of the file's MD5 (bbc6840d248b...), so it corroborates the hash above rather than naming a family; the four JS/Script detections on a Win32 EXE point to script content carried inside the dropper.

File size:
534 KB (546,816 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\privatevid8564345-mp4.exe

File PE Metadata
Compilation timestamp:
7/30/2014 6:14:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
12288:2bFfQOdvr5HbSFAImdMkjvnJcqoS/gFHsol:GFfQOdDlxImdzbJ6Fpl

Entry address:
0x9BB30

Entry point:
60, BE, 15, E0, 43, 00, 8D, BE, EB, 2F, FC, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, A3, 89, 09, 00, 57, 83, C3, 04, 53, 68, 0A, DB, 05, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

The leading sequence (60 BE xx xx xx xx 8D BE xx xx xx xx 57 89 E5 8D 9C 24 ... 31 C0 50 39 DC 75 FB 46 46 53 68 ... C7 03 03 00 02 00) is the standard UPX decompression stub (PUSHAD; MOV ESI, packed_data; LEA EDI, [ESI+delta]; PUSH EDI; MOV EBP, ESP; ...) in its LZMA variant (MOV DWORD [EBX], 00020003 sets the LZMA lc/lp/pb properties). The stub's own operands give the unpack destination: 0x43E015 plus the signed displacement 0xFFFC2FEB (-0x3D015) is 0x401000, the first section of an image based at 0x400000. The sample is therefore UPX-packed: the 380 KB "code" section is mostly compressed data, and the file should be unpacked (with upx -d if the headers have not been tampered with, otherwise by dumping after the stub's final jump) before the real code is examined statically. The entry address 0x9BB30 is an RVA, i.e. virtual address 0x49BB30.
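The stub check described above, carried out on the page's own entry-point bytes. This is an added example written by the editor, not code from the scanner or from the UPX project; the wildcarded signature, the helper names and the assumed operand layout (unpacked length pushed before packed length) are the editor's assumptions about the UPX 3.x win32/pe LZMA stub.

```python
"""Match the entry-point bytes quoted in this report against a wildcarded hex
signature for the UPX LZMA unpacking stub and, on a hit, decode its operands.
Added example; signature and operand layout are the editor's assumptions."""
import re
import struct

# First bytes of the page's "Entry point:" line, copied verbatim.
ENTRY_POINT_HEX = (
    "60, BE, 15, E0, 43, 00, 8D, BE, EB, 2F, FC, FF, 57, 89, E5, 8D, 9C, 24, "
    "80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, A3, 89, 09, "
    "00, 57, 83, C3, 04, 53, 68, 0A, DB, 05, 00, 56, 83, C3, 04, 53, 50, C7, "
    "03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C"
)

# UPX win32/pe LZMA stub prologue; ?? = any byte (per-binary addresses/sizes).
#   60                         pushad
#   BE ????????                mov esi, packed_data
#   8D BE ????????             lea edi, [esi + delta]      ; unpack destination
#   57 89 E5 8D 9C 24 ????     push edi / mov ebp, esp / lea ebx, [esp - n]
#   31 C0 50 39 DC 75 FB       zero the scratch stack
#   46 46 53 68 ????????       inc esi x2 / push ebx / push unpacked_len
#   57 83 C3 04 53 68 ???????? push edi / add ebx,4 / push ebx / push packed_len
#   56 83 C3 04 53 50          push esi / add ebx,4 / push ebx / push eax
#   C7 03 03 00 02 00          mov dword [ebx], 0x00020003 (lc=3, lp=0, pb=2)
UPX_LZMA_STUB = (
    "60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 89 E5 8D 9C 24 ?? ?? ?? ?? "
    "31 C0 50 39 DC 75 FB 46 46 53 68 ?? ?? ?? ?? 57 83 C3 04 53 68 "
    "?? ?? ?? ?? 56 83 C3 04 53 50 C7 03 03 00 02 00"
)


def parse_hex_list(text):
    """'60, BE, 15' or '60 BE 15' -> b'\\x60\\xbe\\x15'."""
    return bytes(int(tok, 16) for tok in re.findall(r"\b[0-9A-Fa-f]{2}\b", text))


def compile_signature(sig):
    """Hex tokens with ?? wildcards -> list of int-or-None."""
    return [None if tok == "??" else int(tok, 16) for tok in sig.split()]


def find_signature(data, sig):
    """Offset of the first match of sig in data, or -1 if absent."""
    pat = compile_signature(sig)
    for off in range(len(data) - len(pat) + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pat)):
            return off
    return -1


def upx_stub_operands(data, off):
    """Decode the immediates of a stub matched at data[off:]."""
    src = struct.unpack_from("<I", data, off + 2)[0]            # mov esi, imm32
    delta = struct.unpack_from("<i", data, off + 8)[0]          # lea edi, [esi+disp32]
    unpacked_len = struct.unpack_from("<I", data, off + 33)[0]  # first push imm32
    packed_len = struct.unpack_from("<I", data, off + 43)[0]    # second push imm32
    return {
        "packed_src": src,
        "unpack_dst": (src + delta) & 0xFFFFFFFF,
        "unpacked_len": unpacked_len,
        "packed_len": packed_len,
    }


def analyze(entry_hex):
    """Return the decoded operands if the UPX LZMA stub is present, else None."""
    data = parse_hex_list(entry_hex)
    off = find_signature(data, UPX_LZMA_STUB)
    return None if off < 0 else upx_stub_operands(data, off)


if __name__ == "__main__":
    result = analyze(ENTRY_POINT_HEX)
    print("UPX LZMA stub: %s" % ("found" if result else "not found"))
    if result:
        for name, value in result.items():
            print("  %-13s 0x%08X (%d)" % (name, value, value))
```

On the page's bytes the stub matches at offset 0, the packed data sits at 0x43E015 and is unpacked to 0x401000; the packed length 0x5DB0A (383,754 bytes) fits inside the 389,120-byte code section reported above, which is the consistency check to make before trusting the packer identification.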

Code size:
380 KB (389,120 bytes)
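Where the metadata above comes from, as an added example (editor's code, not the report generator's): a minimal PE header reader that recovers the compile timestamp, OS version, bitness, subsystem, linker version, entry address and code size from raw bytes. The sample header is constructed from the values on this page and contains no code; field offsets follow the PE/COFF specification, and the PE32+ branch is the editor's generalisation beyond this Win32 sample.

```python
"""Minimal PE32/PE32+ header reader for the "File PE Metadata" fields.
Added example using only the standard library; the sample header is
constructed from this page's values, not taken from the real file."""
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x014C: "Win32", 0x8664: "Win64", 0x01C4: "ARM", 0xAA64: "ARM64"}


def read_pe_metadata(data):
    """Parse just enough of the DOS, COFF and optional headers to fill the report."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    if opt_size < 70:
        raise ValueError("optional header too short")
    magic, maj_link, min_link, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint (RVA)
    if magic == 0x10B:                                    # PE32
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                  # PE32+: 8-byte ImageBase, no BaseOfData
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%X" % magic)
    # From offset 32 onward PE32 and PE32+ share the same layout.
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "compiled_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "timestamp": timestamp,
        "os_version": "%d.%d" % (maj_os, min_os),
        "bitness": MACHINES.get(machine, "0x%04X" % machine),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": "%d.%d" % (maj_link, min_link),
        "entry_address": "0x%X" % entry,
        "entry_va": "0x%X" % (image_base + entry),
        "code_size": size_of_code,
        "sections": nsections,
    }


def build_sample_pe():
    """Constructed header carrying the values this report lists (no code)."""
    ts = int(datetime(2014, 7, 30, 18, 14, 56, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                   # e_lfanew
    # Machine, NumberOfSections, TimeDateStamp, SymTab, NumSyms, OptSize, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, 3, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 50, 389120)  # PE32, linker 2.50, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x9BB30)                  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                 # ImageBase (assumed)
    struct.pack_into("<HH", opt, 40, 4, 0)                    # OS version 4.0
    struct.pack_into("<HH", opt, 48, 4, 0)                    # Subsystem version
    struct.pack_into("<H", opt, 68, 2)                        # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in read_pe_metadata(build_sample_pe()).items():
        print("%-15s %s" % (key, value))
```

Run against a real file with `read_pe_metadata(open(path, "rb").read())`. The timestamp is the raw 32-bit TimeDateStamp and is trivially forged; treat it as a claim to corroborate against the engine dates and the packer stub, not as evidence on its own.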

The file privatevid8564345-mp4.exe has been seen being distributed by 12 URLs; the six recorded below are all Google Drive direct-download links (docs.google.com/uc?...&export=download) whose file IDs share the prefix 0B8Td-RAt-dih, consistent with a single Drive account hosting every copy.

https://docs.google.com/uc?authuser=0&id=0B8Td-RAt-dihN000dExTZFR4SDQ&export=download?16265294

https://docs.google.com/uc?authuser=0&id=0B8Td-RAt-dihVTZLbEgxak5ORTQ&export=download?87943258

https://docs.google.com/uc?authuser=0&id=0B8Td-RAt-diheldxMUtTS3hNeWc&export=download?35851351

https://docs.google.com/uc?authuser=0&id=0B8Td-RAt-dihd3RVYncxeTZmTDA&export=download?7539963

https://docs.google.com/uc?authuser=0&id=0B8Td-RAt-dihVkpFXzJBZWlsQUU&export=download?56447507

https://docs.google.com/uc?authuser=0&id=0B8Td-RAt-dihdExwWUhTbGpKQmc&export=download?9508635
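A hunting query for the delivery pattern above, as an added example by the editor (not tooling from the page or its vendor): it flags Google Drive direct downloads that hand the browser an executable, flags executables whose names imitate media or document files, and extracts the Drive file IDs as a pivot. The CSV log layout, user names and timestamps are constructed assumptions; the six URLs are the ones listed on this page, and the two extra rows are constructed benign traffic.

```python
"""Hunt proxy logs for Drive direct-download URLs delivering lure-named
executables.  Added example; log format and extra rows are constructed."""
import csv
import io
import os
import re
from urllib.parse import urlsplit, parse_qs

# Extensions Windows will execute, and the "bait" extensions attackers embed
# before them (privatevid8564345-mp4.exe, invoice.pdf.exe, holiday.jpg.scr).
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse", ".vbs", ".hta"}
BAIT_RE = re.compile(r"[-_.](mp4|avi|mkv|mov|wmv|jpe?g|png|gif|pdf|docx?|xlsx?)(?=[-_.]|$)", re.I)


def drive_download_id(url):
    """Drive file id if url is a Drive direct download, else None.
    The page's URLs carry a cache-buster glued onto the export value
    ('export=download?16265294'), so the value is trimmed at the first '?'."""
    parts = urlsplit(url)
    if parts.hostname not in ("docs.google.com", "drive.google.com") or parts.path != "/uc":
        return None
    q = parse_qs(parts.query)
    if q.get("export", [""])[0].split("?", 1)[0] != "download":
        return None
    return q.get("id", [None])[0]


def is_masquerading_executable(filename):
    """True for names like privatevid8564345-mp4.exe or holiday.jpg.scr."""
    stem, ext = os.path.splitext(filename)
    return ext.lower() in EXEC_EXT and BAIT_RE.search(stem) is not None


def triage(log_text):
    """One finding per row hit by either indicator; both together is the
    pattern documented on this page."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        file_id = drive_download_id(row["url"])
        ext = os.path.splitext(row["filename"])[1].lower()
        reasons = []
        if file_id and ext in EXEC_EXT:
            reasons.append("drive-direct-download-executable")
        if is_masquerading_executable(row["filename"]):
            reasons.append("lure-filename")
        if reasons:
            findings.append({"time": row["time"], "user": row["user"], "drive_id": file_id,
                             "filename": row["filename"], "reasons": reasons})
    return findings


def common_prefix(ids):
    """Shared leading characters of Drive ids: a pivot for finding sibling files."""
    return os.path.commonprefix(list(ids))


# Constructed proxy log; the first six URLs are copied from this page.
SAMPLE_LOG = "\n".join([
    "time,user,url,filename",
    "2014-08-18T09:12:01Z,alice,https://docs.google.com/uc?authuser=0&id=0B8Td-RAt-dihN000dExTZFR4SDQ&export=download?16265294,privatevid8564345-mp4.exe",
    "2014-08-18T09:14:37Z,bob,https://docs.google.com/uc?authuser=0&id=0B8Td-RAt-dihVTZLbEgxak5ORTQ&export=download?87943258,privatevid8564345-mp4.exe",
    "2014-08-18T09:20:09Z,carol,https://docs.google.com/uc?authuser=0&id=0B8Td-RAt-diheldxMUtTS3hNeWc&export=download?35851351,privatevid8564345-mp4.exe",
    "2014-08-18T09:31:44Z,dave,https://docs.google.com/uc?authuser=0&id=0B8Td-RAt-dihd3RVYncxeTZmTDA&export=download?7539963,privatevid8564345-mp4.exe",
    "2014-08-18T09:45:12Z,erin,https://docs.google.com/uc?authuser=0&id=0B8Td-RAt-dihVkpFXzJBZWlsQUU&export=download?56447507,privatevid8564345-mp4.exe",
    "2014-08-18T10:02:58Z,frank,https://docs.google.com/uc?authuser=0&id=0B8Td-RAt-dihdExwWUhTbGpKQmc&export=download?9508635,privatevid8564345-mp4.exe",
    # Constructed benign rows: a Drive download of a real PDF (no hit) and a
    # lure-named file from a non-Drive host (one indicator only).
    "2014-08-18T10:10:00Z,alice,https://docs.google.com/uc?id=CONSTRUCTED-BENIGN-ID&export=download,notes.pdf",
    "2014-08-18T10:11:00Z,bob,https://example.invalid/files/holiday-jpg.exe,holiday-jpg.exe",
])

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for hit in hits:
        print(hit["time"], hit["user"], hit["drive_id"], hit["filename"], ",".join(hit["reasons"]))
    print("shared id prefix:", common_prefix(h["drive_id"] for h in hits if h["drive_id"]))
```

Block on the Drive file IDs rather than on docs.google.com itself, which is legitimate traffic; the shared ID prefix is the value to feed back into the proxy for sibling downloads.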

Remove privatevid8564345-mp4.exe - Powered by Reason Core Security