receita_0.0.1.exe

Relatorios de Gastos

The executable receita_0.0.1.exe has been detected as malware by 17 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from brasilinforeceita.com and multiple other hosts.
Publisher:
Microsoft*  (Invalid match)

Product:
Relatorios de Gastos

Description:
Relatorio Mensal

Version:
1.0.0.0

MD5:
7f12390325cf26bd426d5e5346b45f8c

SHA-1:
e1a3a8d1f2f18ea084f8ca897529741450072aa3

SHA-256:
5eb7d296f03fe2437cdf7ff6051bdc231fa98b5b3ac0fa31cca798ea07cffb4f

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
11/23/2024 11:40:54 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2669672
362

Avira AntiVirus
TR/Dldr.Agent.16896.88
8.3.2.2

Arcabit
Trojan.Generic.D28BC68
1.0.0.567

avast!
Win32:Malware-gen
2014.9-160207

Bitdefender
Trojan.GenericKD.2669672
1.0.20.190

Emsisoft Anti-Malware
Trojan.GenericKD.2669672
8.16.02.07.07

ESET NOD32
MSIL/TrojanDownloader.Banload.EQ (variant)
10.12296

F-Secure
Trojan.GenericKD.2669672
11.2016-07-02_1

G Data
Trojan.GenericKD.2669672
16.2.25

Kaspersky
Trojan-Ransom.Win32.Blocker
14.0.0.696

Malwarebytes
Trojan.Banload.MSIL
v2016.02.07.07

McAfee
Artemis!7F12390325CF
5600.6496

Microsoft Security Essentials
TrojanDownloader:MSIL/Banload
1.1.12101.0

MicroWorld eScan
Trojan.GenericKD.2669672
17.0.0.114

nProtect
Trojan.GenericKD.2669672
15.09.24.01

Panda Antivirus
Generic Suspicious
16.02.07.07

Trend Micro
TROJ_GEN.R047C0DII15
10.465.07

File size:
16.5 KB (16,896 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2014

Original file name:
Nostalgia.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\receita_0.0.1.exe

File PE Metadata
Compilation timestamp:
8/20/2015 7:42:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:+Slsj4nnoDCxLoWzw0OoCvQYyVVWg21AYcAe+m:T6ALbOoCvQYyLUAYcAe+m

Entry address:
0x3FEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 48, 00, 00, 80, 10, 00, 00, 00, 60, 00, 00, 80, 18, 00, 00, 00, 78, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 90, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 7F, 00, 00, A8, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
8 KB (8,192 bytes)

The file receita_0.0.1.exe has been seen being distributed by the following 4 URLs.

Remove receita_0.0.1.exe - Powered by Reason Core Security