home

Save.dat Stealer autobuilder.exe

Save.dat Stealer autobuilder

The executable Save.dat Stealer autobuilder.exe has been detected as malware by 5 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www81.zippyshare.com.
Product:
Save.dat Stealer autobuilder

Version:
1.0.0.0

MD5:
b1048f040f55c89a2471a68f5172053a

SHA-1:
b70d9e111b97275e95f5f23b388d90afeb7b12ef

SHA-256:
8454a843c862f2cef07ff4ad84b24f4e82e8521acb00a094cf942d8b5f936123

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/28/2024 9:38:37 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/ATRAPS.Gen
8.3.3.4

Baidu Antivirus
Win32.Trojan.WisdomEyes.151026.9950
4.0.3.1665

McAfee
Trojan.Artemis!B1048F040F55
18.0.204.0

Qihoo 360 Security
HEUR/QVM03.0.0000.Malware.Gen
1.0.0.1120

Vba32 AntiVirus
Trojan.MSIL.gen.11
3.12.26.4

File size:
108 KB (110,592 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Save.dat Stealer autobuilder.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\save.dat stealer autobuilder.exe

File PE Metadata
Compilation timestamp:
6/2/2016 5:42:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:9unM35+KSoMdvf2Ih68/USLbOYq2fv2aayB704eddeXZMZA:gsJeVf/USLCYlv2aardepM2

Entry address:
0x1BE4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
104 KB (106,496 bytes)

The file Save.dat Stealer autobuilder.exe has been seen being distributed by the following URL.

http://www81.zippyshare.com/d/EbzTH54m/.../Save.dat Stealer autobuilder.exe

Remove Save.dat Stealer autobuilder.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.