skyfilmes_player.exe

Backup

The executable skyfilmes_player.exe has been detected as malware by 17 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from skyfilmess.com.
Publisher:
Backup

Description:
Backup for

Version:
0.0.0.1

MD5:
5e9eb7403bef5c6e69eb931ce0cea844

SHA-1:
d542b344eec0879deaadce5ae9e962decb771828

SHA-256:
1c2a5ce080390a1f695a387d6ca455b0d995103bc3459df339032cfa921a3856

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
11/15/2024 12:28:01 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Strictor.101775 | 388 |
| Agnitum Outpost | Trojan.PWS.BestaFera | 7.1.1 |
| Avira AntiVirus | TR/Samca.A.814 | 8.3.2.4 |
| Arcabit | Trojan.Strictor.D18D8F | 1.0.0.642 |
| Bitdefender | Gen:Variant.Strictor.101775 | 1.0.20.65 |
| Comodo Security | TrojWare.Win32.TrojanDownloader.Delf.gen | 23912 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.101775 | 8.16.01.13.06 |
| Fortinet FortiGate | W32/BestaFera.FZW!tr | 1/13/2016 |
| F-Secure | Gen:Variant.Strictor.101775 | 11.2016-13-01_4 |
| G Data | Gen:Variant.Strictor.101775 | 16.1.25 |
| K7 AntiVirus | Trojan | 13.212.18305 |
| Kaspersky | Trojan-Banker.Win32.BestaFera | 14.0.0.824 |
| MicroWorld eScan | Gen:Variant.Strictor.101775 | 17.0.0.39 |
| Panda Antivirus | Trj/CI.A | 16.01.13.06 |
| Qihoo 360 Security | Win32/Trojan.4ec | 1.0.0.1077 |
| Quick Heal | (Suspicious) - DNAScan | 1.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |

File size:
612.5 KB (627,200 bytes)

Product version:
Backup

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\skyfilmes_player.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:hupyJmxnWjr39c+o0jVgIeJaZ2ITNrDwH0dli0Hju:MpcmxnWjr39cpmgIwaNHbdli0HS

Entry address:
0x1000

Entry point:
68, 01, A0, 48, 00, E8, 01, 00, 00, 00, C3, C3, 7B, 5E, 29, 66, 46, EF, 3C, 36, 46, FB, EA, 15, 22, 17, 80, C2, B0, 83, 36, 46, 3E, E8, E7, BD, D4, 5C, 83, 84, 37, D9, E8, 7E, B9, 8E, D1, 7C, 29, FC, 54, 9F, 40, 16, F2, 6B, 35, AE, 9B, 30, 2A, 6A, AB, D9, 30, E6, 1A, B8, FD, 50, 2A, DB, 72, 50, 2D, 86, DF, 14, AE, E9, EC, FB, 41, 25, B2, C6, 02, E1, B7, 0F, FD, 1C, B6, 35, 3E, 17, 53, E6, A1, 10, 6D, 7D, 60, 37, 9C, 10, 8C, 20, 3F, 69, C3, 57, 50, 01, AB, 56, B9, 3C, AE, C2, 7E, 41, 81, 6A, 64, 4B, 68, 91...
 

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
344 KB (352,256 bytes)

The file skyfilmes_player.exe has been seen being distributed by the following URL.
