receitanet_irpf.exe

The executable receitanet_irpf.exe has been detected as malware by 19 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from ccs.infospace.com and multiple other hosts.

Version: 3.0.0.0

MD5: 391022155b4bf56309e335308ca86e9d

SHA-1: 5ab433017465bdeae43bbcfc55aec2ea1b273b53

SHA-256: eaf559f016c9a710d01971023d89d99d85c77b11649be6573c13b876fc53a624

Scanner detections: 19 / 68

Status: Malware

Analysis date: 11/30/2024 10:19:43 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Agent.BJNY | 504 |
| Arcabit | Trojan.Agent.BJNY | 1.0.0.545 |
| AVG | Downloader.MSIL | 2016.0.2982 |
| Bitdefender | Trojan.Agent.BJNY | 1.0.20.1305 |
| Emsisoft Anti-Malware | Trojan.Agent.BJNY | 8.15.09.18.05 |
| ESET NOD32 | MSIL/TrojanDownloader.Banload.ER (variant) | 9.12271 |
| Fortinet FortiGate | MSIL/Banload.ER!tr.dldr | 9/18/2015 |
| F-Secure | Trojan.Agent.BJNY | 11.2015-18-09_6 |
| G Data | Trojan.Agent.BJNY | 15.9.25 |
| K7 AntiVirus | Trojan-Downloader | 13.210.17253 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.1406 |
| McAfee | Artemis!391022155B4B | 5600.6638 |
| Microsoft Security Essentials | TrojanDownloader:MSIL/Banload.AA | 1.1.12101.0 |
| MicroWorld eScan | Trojan.Agent.BJNY | 16.0.0.783 |
| nProtect | Trojan.Agent.BJNY | 15.09.17.01 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Malware.RDM.32!5.26[F1] | 23.00.65.15916 |
| Sophos | Mal/Generic-S | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 43844 |

File size: 208.5 KB (213,504 bytes)

Product version: 3.0.0.0

Copyright: Copyright © 2015

Original file name: Cvc.exe

File type: Executable application (Win32 EXE)

Language: Language Neutral

File PE Metadata
Compilation timestamp: 9/17/2015 6:49:36 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 11.0

.NET CLR dependent: Yes

CTPH (ssdeep): 3072:DzJ+lM+sEvWfROJLhfJpreQ00ws/R3b/rz3qhqMbaGZ47K6HkQot+rEJGL0Ravtg:gWROJNhpeBUDnqvQPU1VJ9

Entry address: 0x34DFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy: 6.2885

Developed / compiled with: Microsoft Visual C# / Basic .NET

Code size: 204 KB (208,896 bytes)

The file receitanet_irpf.exe has been seen being distributed by the following 6 URLs.

http://ccs.infospace.com/ClickHandler.ashx?ld=20150917&app=1&c=airziphosted2&s=airzip&rc=Airziphosted2&dc=&euip=186.206.254.65&pvaid=46cbd6f4828444c58090a47a1df01353&dt=Desktop&fct.uid=01f17aed238642e4a5cee8fe72649cc0&en=L3uXZvn7lGF09wP1dEnENq5 IIHV5AYv1il2txOdiFblfEEDV6S ZLY1/WvRnRIS&du=www.receita.fazenda.gov.br&ru=http://r.search.yahoo.com/cbssclk/dWU9NjQyQzcxMzkxQjE0NDBFMyZ1dD0xNDQyNTE4MzA0NDEwJnVvPTkyMjY0NjcyMTImbHQ9Mg--/RV=2/RE=1442547104/RO=10/RU=http://3283984.r.msn.com/?ld=d3vCgZisJ7Lk-8W7Y5IDpahTVUCUxxCWLhTfY1MIHul4rETI4NuMrtx1PjN2UCLdqoqin_ih2ZdL9IArWPU97tBrqqcwrBG5kpB8Cmw2I7OB8Lyxd1vND9yhPxcTf38Xd8yqFkmHl0TuHPOzVS8U4gJZcgefU&u=104.155.36.129%2freceita.php/.../RS=O1t9X4NyOixA_zUH3LDcrlKQNIk-&ap=1&coi=239134&cop=topnav&npp=0&p=1&pp=1&ep=1&mid=9&hash=50EF186C75003432BF3CFA101F3D6FB7

https://technologiesaintjoseph.com/ads_redirect.php?affiliate_id=1402&v=d1.51.1.16&feed=13&uadid=144251638935254976&position=top&retargeting=0&retargeting_timestamp=0&retargeting_count=0&keywords=whatsapp para pc&url=http://.../clicklink.php?qry=

http://3283984.r.msn.com/.../whatsapp.php
