profarma‮gpj.exe

MyImgur

MyImgur Programming Team.

The executable profarma‮gpj.exe has been detected as malware by 17 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from doc-10-cc-docs.googleusercontent.com.
Publisher:
MyImgur Programming Team.

Product:
MyImgur

Version:
5.11.2.0

MD5:
cef17bf0574e73229330a8e85cd83fe8

SHA-1:
216604d2e7e584801d1ac1d23402025a38b9e3de

SHA-256:
ee92565d0d9d266ccbebfac6c5a45dbcc3a592a92ceac7ed802564d3c8c24895

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
11/23/2024 3:20:54 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.200163 | 290 |
| AegisLab AV Signature | Troj.W32.Gen | 2.1.4+ |
| Avira AntiVirus | TR/Dropper.MSIL.90432 | 7.11.181.214 |
| avast! | MSIL:Injector-DK [Trj] | 2014.9-160420 |
| AVG | MSIL5 | 2017.0.2768 |
| Baidu Antivirus | Trojan.MSIL.Kryptik | 4.0.3.16420 |
| Bitdefender | Gen:Variant.Kazy.200163 | 1.0.20.555 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.200163 | 8.16.04.20.08 |
| ESET NOD32 | MSIL/Kryptik.LJ (variant) | 10.10630 |
| Fortinet FortiGate | MSIL/Kryptik.LJ!tr | 4/20/2016 |
| F-Secure | Gen:Variant.Kazy.200163 | 11.2016-20-04_4 |
| G Data | Gen:Variant.Kazy.200163 | 16.4.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.7.8.0 |
| Malwarebytes | Backdoor.Agent.MITGen | v2016.04.20.08 |
| MicroWorld eScan | Gen:Variant.Kazy.200163 | 17.0.0.333 |
| Qihoo 360 Security | Malware.QVM03.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Generic.17844596!394544534 | 23.00.65.16418 |

File size:
785 KB (803,840 bytes)

Product version:
5.11.2.0

Copyright:
Copyright ©MyImgur Programming Team.

Trademarks:
MyImgur™. All rights reserved.

Original file name:
profarma.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\profarma%e2%80%aegpj.exe

File PE Metadata
Compilation timestamp:
8/16/2014 2:10:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:Fp/rOYmyWEfZhq1DI1qzlctDd5iWEc/dt:fDONyHc1nitZ5iW/j

Entry address:
0xC47FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9035

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
778.5 KB (797,184 bytes)

The file profarma‮gpj.exe has been seen being distributed by the following URL.
