rank.exe

UNINFO SISTEMAS LTDA ME

The executable rank.exe has been detected as malware by 19 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user's Run registry key, under the display name ‘MidiaCenter’.
Publisher:
UNINFO SISTEMAS LTDA ME  (signed and verified)

Version:
5.0.0.0

MD5:
d0db3324bd7a90d7d1dd577d061a7128

SHA-1:
41e8183c76d75c2080a351d19214653662a3998e

SHA-256:
b89f55b0341670c9276ace73e66ba3547ca31f823144521d03c3d3fd0df326c5

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
12/30/2024 7:05:03 PM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Spy.Banker.ADDH | 390
Agnitum Outpost | Trojan.PWS.Banbra | 7.1.1
Avira AntiVirus | TR/Agent.5632.1066 | 8.3.2.4
avast! | Win32:Banker-MOH [Trj] | 2014.9-160111
Comodo Security | UnclassifiedMalware | 23863
Dr.Web | Trojan.Siggen6.52084 | 9.0.1.011
ESET NOD32 | Win32/Spy.Banker.ACDG (variant) | 10.12786
Fortinet FortiGate | W32/Banker.ACDG!tr.spy | 1/11/2016
G Data | Win32.Trojan.Agent.36DVY6 | 16.1.25
IKARUS anti.virus | Trojan-Spy.Agent | t3scan.1.9.5.0
K7 AntiVirus | Spyware | 13.212.18240
Kaspersky | Trojan-Banker.Win32.Banbra | 14.0.0.835
Malwarebytes | Trojan.Symmi | v2016.01.11.12
McAfee | Artemis!D0DB3324BD7A | 5600.6524
MicroWorld eScan | Trojan.Spy.Banker.ADDH | 17.0.0.33
Panda Antivirus | Generic Suspicious | 16.01.11.12
Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16109
Vba32 AntiVirus | TrojanBanker.Banbra | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 46116

File size:
11.2 MB (11,712,520 bytes)

Product version:
5.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Maltese (Malta)

Common path:
C:\users\{user}\appdata\roaming\rank.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
11/8/2015 9:00:00 PM

Valid to:
9/24/2016 8:59:59 PM

Subject:
CN=UNINFO SISTEMAS LTDA ME, O=UNINFO SISTEMAS LTDA ME, L=chapeco, S=santa catarina, C=BR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
355DD32E9A65DA38442099F9BEC250EB

File PE Metadata
Compilation timestamp:
11/24/2015 7:47:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:0iN69xYe1QlY3r7ElfEZ1BKIcWgDyPQMWS:0iWwEZKIcWwyIMW

Entry address:
0x2EC504

Entry point:
55, 8B, EC, 83, C4, F0, B8, 30, F8, 6D, 00, E8, 48, 1D, D2, FF, A1, B0, C5, 6F, 00, 8B, 00, E8, 20, D2, EB, FF, A1, B0, C5, 6F, 00, 8B, 00, C6, 40, 6F, 00, 8B, 0D, 64, BC, 6F, 00, A1, B0, C5, 6F, 00, 8B, 00, 8B, 15, E4, AB, 6C, 00, E8, 15, D2, EB, FF, A1, B0, C5, 6F, 00, 8B, 00, E8, 65, D3, EB, FF, E8, 30, DA, D1, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Developed / compiled with:
Microsoft Visual C++

Code size:
2.9 MB (3,059,200 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MidiaCenter

Command:
C:\users\{user}\appdata\roaming\rank.exe

