setup_8_75_102_1_11.exe

Installation Help

Systems Inc

The executable setup_8_75_102_1_11.exe has been detected as malware by 3 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.whatsappbr.org and multiple other hosts.
Publisher:
Systems Inc

Product:
Installation Help

Version:
1.0.0.0

MD5:
00085f29851a36c135d0d0743132bb2d

SHA-1:
54f8c3177a5ac2bac8e0f279dc8039024084fbc0

SHA-256:
70c3b37d412fa3a6006991a62c14f34dd69d75d06655e24169361c631abfb4b5

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/30/2024 7:07:08 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Microsoft Security Essentials | TrojanDownloader:MSIL/FakeFlash.A | 1.1.12300.0 |
| Sophos | Mal/Generic-S | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45526 |

File size:
235 KB (240,640 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
WindowsFormsApplication1.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup_8_75_102_1_11.exe

File PE Metadata
Compilation timestamp:
10/26/2015 8:21:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:9Xn0Z00n9DvAxaf8sxC2aINg4jMvHQuZzVLWzjuH:9cD4CPC2aINhiRJWnm

Entry address:
0x37ABE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
215 KB (220,160 bytes)

The file setup_8_75_102_1_11.exe has been seen being distributed by the following 3 URLs.

http://65.181.118.3/flashplayer_versoes.php
