screen_72891.exe

The executable screen_72891.exe has been detected as malware by 20 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from steamcommunity.com.
MD5:
c8adf123c7682754c03301e17c6572f1

SHA-1:
efe3ef7e18eff96d4255c417b0423f0d33b0e66a

SHA-256:
eadfcb4b7ba97363d2241ead5d8905b0d4c4ee99a7f33c4169f580b5f2fd7cc0

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
11/23/2024 9:28:22 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.624700
191

Agnitum Outpost
Trojan.Inject
7.1.1

Avira AntiVirus
TR/Gocotoya.A.29
8.3.1.6

Arcabit
Trojan.Kazy.D9883C
1.0.0.425

avast!
Win32:Malware-gen
2014.9-160727

Baidu Antivirus
Trojan.MSIL.Inject
4.0.3.16727

Bitdefender
Gen:Variant.Kazy.624700
1.0.20.1045

Emsisoft Anti-Malware
Gen:Variant.Kazy.624700
8.16.07.27.08

ESET NOD32
MSIL/Injector.JYU (variant)
10.11742

Fortinet FortiGate
W32/Inject.BVPV!tr
7/27/2016

F-Secure
Gen:Variant.Kazy.624700
11.2016-27-07_4

G Data
Gen:Variant.Kazy.624700
16.7.25

K7 AntiVirus
Riskware
13.204.16151

Kaspersky
Trojan.MSIL.Inject
14.0.0.-159

MicroWorld eScan
Gen:Variant.Kazy.624700
17.0.0.627

NANO AntiVirus
Trojan.Win32.Inject.dsnese
0.30.24.1636

Panda Antivirus
Generic Suspicious
16.07.27.08

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Sophos
Mal/Generic-S
4.98

VIPRE Antivirus
Trojan.Win32.Generic
40862

File size:
682 KB (698,368 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\screen_72891.exe

File PE Metadata
Compilation timestamp:
5/29/2015 4:35:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:EBTrECn5afbDHzEefSShcRUWNdIdHV8OKN8dO4DTmSY0IBBkPh:9CUDDTEerS5NqV8OOEZD6SreBCh

Entry address:
0x670BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
404.5 KB (414,208 bytes)

The file screen_72891.exe has been seen being distributed by the following URL.

Remove screen_72891.exe - Powered by Reason Core Security