rc7_cracked.exe

Microsoft

The executable rc7_cracked.exe has been detected as malware by 22 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from cdn.discordapp.com.
Product:
Microsoft

Version:
1.0.0.0

MD5:
a7bc6af600cbb2dc3669b40f4bb57e52

SHA-1:
9a1f84e5ce400f3c42607ab17a7e2395ca786f76

SHA-256:
bc15dc2de999204647be1df5b3f2ff9d71c0ea8609231baf640714240673b9f9

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
12/25/2024 11:59:02 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.100075
181

AegisLab AV Signature
Troj.W32.Gen.lVvO
2.1.4+

AhnLab V3 Security
Trojan/Win32.Agent.R98018
3.7.5.15

Avira AntiVirus
TR/Dropper.Gen
8.3.3.4

Arcabit
Trojan.Zusy.D186EB
1.0.0.742

avast!
MSIL:Ainslot-F [Trj]
2014.9-160807

Bitdefender
Gen:Variant.Zusy.100075
1.0.20.1100

Emsisoft Anti-Malware
Gen:Variant.Zusy.100075
8.16.08.07.03

ESET NOD32
MSIL/Autorun.Spy.Agent.AU (variant)
10.13918

Fortinet FortiGate
MSIL/Injector.PE!tr
8/7/2016

F-Prot
W32/S-99a063a0
v6.4.7.1.166

F-Secure
Gen:Variant.Zusy.100075
11.2016-07-08_1

G Data
Gen:Variant.Zusy.100075
16.8.25

IKARUS anti.virus
MSIL
t3scan.2.1.6.0

K7 AntiVirus
Trojan
13.236.20476

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.-211

Malwarebytes
Trojan.FakeMS.Gen
v2016.08.07.03

McAfee
Generic BackDoor.adv
5600.6315

MicroWorld eScan
Gen:Variant.Zusy.100075
17.0.0.660

Panda Antivirus
Trj/GdSda.A
16.08.07.03

Qihoo 360 Security
Win32/Trojan.881
1.0.0.1120

Sophos
Mal/MsilKlog-D
4.98

File size:
696.5 KB (713,216 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
Microsoft.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rc7_cracked.exe

File PE Metadata
Compilation timestamp:
8/5/2016 10:18:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:M/bhuGUWmS2VnqArsBQ5KjlOsD8zqb4/VhOwGrN+Aj79F029B:MdjUWmS2VnqArj5+D8zq2VwwGp+Aj79z

Entry address:
0xAEAEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
691 KB (707,584 bytes)

The file rc7_cracked.exe has been seen being distributed by the following URL.

Remove rc7_cracked.exe - Powered by Reason Core Security