setup540345325.exe

The executable setup540345325.exe has been detected as malware by 14 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from servicosdo.sslblindado.com and multiple other hosts.
Version:
0.0.0.0

MD5:
2927f817419269516448af857e058fd3

SHA-1:
e1e267b1c313f955e686fd5e36059b57e5332928

SHA-256:
1597e090e408fb26647aa55e0b3403893d2373e2e60d325ca569304acf710f9d

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
11/14/2024 8:52:44 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.773206 | 403 |
| Arcabit | Trojan.Kazy.DBCC56 | 1.0.0.637 |
| AVG | Downloader.MSIL | 2016.0.2881 |
| Baidu Antivirus | Trojan.MSIL.Agent | 4.0.3.151228 |
| Bitdefender | Gen:Variant.Kazy.773206 | 1.0.20.1810 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.773206 | 8.15.12.28.06 |
| ESET NOD32 | MSIL/TrojanDownloader.Agent.BGK (variant) | 9.12773 |
| Fortinet FortiGate | MSIL/Agent.BGK!tr.dldr | 12/28/2015 |
| F-Secure | Gen:Variant.Kazy.773206 | 11.2015-28-12_2 |
| G Data | Gen:Variant.Kazy.773206 | 15.12.25 |
| McAfee | Artemis!2927F8174192 | 5600.6537 |
| MicroWorld eScan | Gen:Variant.Kazy.773206 | 16.0.0.1086 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.151226 |

File size:
356 KB (364,544 bytes)

Product version:
0.0.0.0

Original file name:
Loader-GMGRWGPXSC.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup540345325.exe

File PE Metadata
Compilation timestamp:
12/24/2015 11:47:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:tTLr7qpgIhk346/DjSEYoqqLSGGjGgGPvRGGNPG4GgGuMGGoGGE/o/dfGGTGGWa7:hc2fnV+g/MtPz+wA

Entry address:
0x57D7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
344 KB (352,256 bytes)

The file setup540345325.exe has been seen being distributed by the following 2 URLs.

http://65.181.118.3/flashplayer_versoes.php
