screeshoot42323.scr

Microsoft Visual Studio Express 2012 для Windows Desktop - RUS

Корпорация Майкрософт

The file screeshoot42323.scr has been detected as malware by 12 anti-virus scanners. The file has been seen being downloaded from doc-0o-5g-docs.googleusercontent.com.
Publisher:
Корпорация Майкрософт

Product:
Microsoft Visual Studio Express 2012 для Windows Desktop - RUS

Version:
11.0.50727.42

MD5:
568b5faa1a0264ca522868b1e43d3877

SHA-1:
ac4675daf59da842807adc24d916e9eef445a4b4

SHA-256:
494d8981b5192e570da69f79385e53e347f6de7d5d6f27eded50f17dc9289851

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/26/2024 6:22:55 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2737436 | 473 |
| Arcabit | Trojan.Generic.D29C51C | 1.0.0.567 |
| Bitdefender | Trojan.GenericKD.2737436 | 1.0.20.1460 |
| Bkav FE | W32.HfsAtIST | 1.3.0.7237 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2737436 | 8.15.10.19.07 |
| ESET NOD32 | Win32/Injector.Autoit.BUH | 9.12296 |
| F-Secure | Trojan.GenericKD.2737436 | 11.2015-19-10_2 |
| G Data | Trojan.GenericKD.2737436 | 15.10.25 |
| Microsoft Security Essentials | PWS:Win32/Fareit | 1.1.12101.0 |
| MicroWorld eScan | Trojan.GenericKD.2737436 | 16.0.0.876 |
| nProtect | Trojan.GenericKD.2737436 | 15.09.25.01 |
| Qihoo 360 Security | HEUR/QVM09.0.Malware.Gen | 1.0.0.1015 |

File size:
1.5 MB (1,611,314 bytes)

Product version:
11.0.50727.42

Copyright:
Copyright (c) Корпорация Майкрософт. All rights reserved.

Original file name:
Application.exe

Common path:
C:\users\{user}\downloads\screeshoot42323.scr

File PE Metadata
Compilation timestamp:
9/8/2007 6:12:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:74dn5AZ+7VFysXvP8jMolwp245kiYVvUQAi5Ne77G4C3gSjtytu4hIRI9:In5AIDvP8byNkiYq5i5Ne/itytu4v

Entry address:
0x5282D

Entry point:
E8, 58, B1, 00, 00, E9, 17, FE, FF, FF, B8, AB, E4, 45, 00, A3, 38, 4E, 47, 00, C7, 05, 3C, 4E, 47, 00, A7, DB, 45, 00, C7, 05, 40, 4E, 47, 00, 65, DB, 45, 00, C7, 05, 44, 4E, 47, 00, 99, DB, 45, 00, C7, 05, 48, 4E, 47, 00, 0F, DB, 45, 00, A3, 4C, 4E, 47, 00, C7, 05, 50, 4E, 47, 00, 25, E4, 45, 00, C7, 05, 54, 4E, 47, 00, 25, DB, 45, 00, C7, 05, 58, 4E, 47, 00, 8F, DA, 45, 00, C7, 05, 5C, 4E, 47, 00, 1E, DA, 45, 00, C3, E8, 9B, FF, FF, FF, E8, 90, BC, 00, 00, 83, 7C, 24, 04, 00, A3, D4, 6A, 47, 00, 74, 05...
 
Code size:
399 KB (408,576 bytes)

The file screeshoot42323.scr has been seen being distributed by the following URL.
