» rank.exe
Overview
Analysis
File Details
Behaviors (1)

rank.exe

UNINFO SISTEMAS LTDA ME

The executable rank.exe has been detected as malware by 19 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MidiaCenter’.

File name:

rank.exe

Publisher:

UNINFO SISTEMAS LTDA ME (signed and verified)

Version:

5.0.0.0

MD5:

d0db3324bd7a90d7d1dd577d061a7128

SHA-1:

41e8183c76d75c2080a351d19214653662a3998e

SHA-256:

b89f55b0341670c9276ace73e66ba3547ca31f823144521d03c3d3fd0df326c5

Scanner detections:

19 / 68

Status:

Malware

Analysis date:

11/15/2024 5:40:35 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Spy.Banker.ADDH

390

Agnitum Outpost

Trojan.PWS.Banbra

7.1.1

Avira AntiVirus

TR/Agent.5632.1066

8.3.2.4

avast!

Win32:Banker-MOH [Trj]

2014.9-160111

Comodo Security

UnclassifiedMalware

23863

Dr.Web

Trojan.Siggen6.52084

9.0.1.011

ESET NOD32

Win32/Spy.Banker.ACDG (variant)

10.12786

Fortinet FortiGate

W32/Banker.ACDG!tr.spy

1/11/2016

G Data

Win32.Trojan.Agent.36DVY6

16.1.25

IKARUS anti.virus

Trojan-Spy.Agent

t3scan.1.9.5.0

K7 AntiVirus

Spyware

13.212.18240

Kaspersky

Trojan-Banker.Win32.Banbra

14.0.0.835

Malwarebytes

Trojan.Symmi

v2016.01.11.12

McAfee

Artemis!D0DB3324BD7A

5600.6524

MicroWorld eScan

Trojan.Spy.Banker.ADDH

17.0.0.33

Panda Antivirus

Generic Suspicious

16.01.11.12

Rising Antivirus

PE:Malware.Generic/QRS!1.9E2D [F]

23.00.65.16109

Vba32 AntiVirus

TrojanBanker.Banbra

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

46116

File size:

11.2 MB (11,712,520 bytes)

Product version:

5.0.0.0

File type:

Executable application (Win32 EXE)

Language:

Maltês (Malta)

Common path:

C:\users\{user}\appdata\roaming\rank.exe

Digital Signature

Signed by:

UNINFO SISTEMAS LTDA ME

Authority:

thawte, Inc.

Valid from:

11/8/2015 9:00:00 PM

Valid to:

9/24/2016 8:59:59 PM

Subject:

CN=UNINFO SISTEMAS LTDA ME, O=UNINFO SISTEMAS LTDA ME, L=chapeco, S=santa catarina, C=BR

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

355DD32E9A65DA38442099F9BEC250EB

File PE Metadata

Compilation timestamp:

11/24/2015 7:47:02 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

196608:0iN69xYe1QlY3r7ElfEZ1BKIcWgDyPQMWS:0iWwEZKIcWwyIMW

Entry address:

0x2EC504

Entry point:

55, 8B, EC, 83, C4, F0, B8, 30, F8, 6D, 00, E8, 48, 1D, D2, FF, A1, B0, C5, 6F, 00, 8B, 00, E8, 20, D2, EB, FF, A1, B0, C5, 6F, 00, 8B, 00, C6, 40, 6F, 00, 8B, 0D, 64, BC, 6F, 00, A1, B0, C5, 6F, 00, 8B, 00, 8B, 15, E4, AB, 6C, 00, E8, 15, D2, EB, FF, A1, B0, C5, 6F, 00, 8B, 00, E8, 65, D3, EB, FF, E8, 30, DA, D1, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

2.9 MB (3,059,200 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

MidiaCenter

Command:

C:\users\{user}\appdata\roaming\rank.exe

Remove rank.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.