screenshot.png .exe

wNBizlON

Dinosaur

The executable screenshot.png .exe has been detected as malware by 16 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from goo.gl.
Publisher:
Dinosaur  (signed and verified)

Product:
wNBizlON

Version:
3.7.3.4

MD5:
51e7ddefeabf03656ad8c979f9eb0309

SHA-1:
5f2d7407e8f0863357cfdf70f06b0849ce1663e0

SHA-256:
31e9675a137f0251ef67cf3de9467b3c99bd18911d195fe04f64f8667d24a0f0

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
11/8/2024 12:42:32 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.13122047 | 91 |
| Avira AntiVirus | TR/Injector.526864 | 3.6.1.96 |
| AVG | MSIL7 | 2017.0.2569 |
| Bitdefender | Trojan.Generic.13122047 | 1.0.20.1550 |
| Emsisoft Anti-Malware | Trojan.Generic.13122047 | 8.16.11.05.10 |
| ESET NOD32 | MSIL/Injector.IXP (variant) | 10.11436 |
| Fortinet FortiGate | MSIL/IXP!tr | 11/5/2016 |
| F-Secure | Trojan.Generic.13122047 | 11.2016-05-11_7 |
| G Data | Trojan.Generic.13122047 | 16.11.25 |
| IKARUS anti.virus | Trojan.MSIL.Injector | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.202.15510 |
| McAfee | Artemis!51E7DDEFEABF | 5600.6225 |
| MicroWorld eScan | Trojan.Generic.13122047 | 17.0.0.930 |
| nProtect | Trojan.Generic.13122047 | 15.04.07.01 |
| Trend Micro House Call | Suspicious_GEN.F47V0404 | 7.2.310 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39136 |

File size:
514.5 KB (526,864 bytes)

Product version:
3.7.3.4

Copyright:
Copyright wNBizlON © 2015

Original file name:
wNBizlON.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\screenshot.png .exe

Digital Signature
Signed by:

Authority:
getaCert - www.getacert.com

Valid from:
4/1/2015 10:58:13 PM

Valid to:
5/31/2015 10:58:13 PM

Subject:
E=LOL@run.away, CN=Melaldon, OU=Carnivore, O=Dinosaur, L=Cali, S=Pandora, C=NL

Issuer:
O=getaCert - www.getacert.com, L=Seattle, S=Washington, C=US

Serial number:
0DF6

File PE Metadata
Compilation timestamp:
4/3/2015 12:25:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:rdc7+Sz5BGPBsky+7wcNToXsMELeB32J0u2Rbq8ViU:ra7+SDGNtdp6BuU

Entry address:
0x7614E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.7766

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
464.5 KB (475,648 bytes)

The file screenshot.png .exe has been seen being distributed by the following URL.

http://goo.gl/TsomOX
