» screen_3791.scr
Overview
Analysis
File Details
Downloads (1)

screen_3791.scr

stmfkDownloader

The file screen_3791.scr has been detected as malware by 13 anti-virus scanners. The file has been seen being downloaded from doc-08-9c-docs.googleusercontent.com.

File name:

screen_3791.scr

Product:

stmfkDownloader

Version:

1.0.0.0

MD5:

bf9c63bc978577a0a8b4599058c85dc8

SHA-1:

7687669cafbed9515737d556c0663fb9df5b5f1d

SHA-256:

0f80dc5803119f8d96e862350748ba4a15b2eb1b78433aaaf44f22cca918e77a

Scanner detections:

13 / 68

Status:

Malware

Analysis date:

11/25/2024 6:56:45 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.13014422

659

Avira AntiVirus

TR/Rogue.550912.13

3.6.1.96

avast!

Win32:Malware-gen

2014.9-150417

AVG

Luhe.Fiha.A

2016.0.3137

Bitdefender

Trojan.Generic.13014422

1.0.20.535

Emsisoft Anti-Malware

Trojan.Generic.13014422

8.15.04.17.05

F-Secure

Trojan.Generic.13014422

11.2015-17-04_6

G Data

Trojan.Generic.13014422

15.4.25

Malwarebytes

Spyware.OnlineGames

v2015.04.17.05

McAfee

Artemis!BF9C63BC9785

5600.6793

MicroWorld eScan

Trojan.Generic.13014422

16.0.0.321

nProtect

Trojan.Generic.13014422

15.03.31.01

Trend Micro House Call

TROJ_GEN.R00UH09CT15

7.2.107

File size:

538 KB (550,912 bytes)

Product version:

1.0.0.0

Original file name:

stmfkDownloader.exe

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\screen_3791.scr

File PE Metadata

Compilation timestamp:

3/16/2015 8:01:16 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:4CS5YcCQ7iLsjVaHkiyYNe3VFi1ROw3F6ZrjybSCS5YcCQ7iLsjVaHkiyYNe3VFU:j0oLNaO0oLNa

Entry address:

0x45A4E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 16, BF, 06, 55, 00, 00, 00, 00, 02, 00, 00, 00, 5E, 00, 00, 00, 90, 5A, 04, 00, 90, 3C, 04, 00, 52, 53, 44, 53, C0, 2A, 06, 3B, 90, F5, DD, 47, 8F, D6, 7A, 9D, 25, C6, AF, 23, 10, 00, 00, 00, 67, 3A, 5C, 57, 6F, 72, 6B, 5C, 73, 74, 6D, 66, 6B, 44, 6F, 77, 6E, 6C, 6F, 61, 64, 65, 72, 5C, 73, 74, 6D, 66, 6B, 44, 6F, 77, 6E, 6C, 6F, 61, 64, 65... 
[+]

Entropy:

5.8071

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

271 KB (277,504 bytes)

The file screen_3791.scr has been seen being distributed by the following URL.

https://doc-08-9c-docs.googleusercontent.com/docs/securesc/nfhbgopn6r381ssifl75k2dt45q4kb7c/ead4po3o2rpbic9lrgkcu58qcjt7510o/1427716800000/01566699655336518151/.../0B_W5dO5DXWXTT2hhcFZsbVlydFk?e=download&nonce=rvqrhqpe139gs&user=08897163926046308176&hash=qfnl302t7t9dukgsr9bjkm30m847vdrs

Remove screen_3791.scr - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.