SkyNet - Gerador de Cartão de Crédito.exe


The executable SkyNet - Gerador de Cartão de Crédito.exe (description: “SkyNet - Gerador de Cartão de Crédito”) has been detected as malware by 6 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from download1919.mediafire.com and multiple other hosts.
Publisher:
SkyNet Survive

Product:
SkyNet

Description:
SkyNet - Gerador de Cartão de Crédito

Version:
1.0.0.0

MD5:
a133132a6c3fbbd4484657bfe1688976

SHA-1:
2660055fa7579b5ae196ecac92e041cfaa304a2c

SHA-256:
53baaff3a9d2e3bffd9f111a86e40f658fe9e34573d240ba251c6f3c33523c4d

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/25/2024 6:14:05 AM UTC

Scan engine              Detection                  Engine version

Avira AntiVirus          TR/MSIL.SpyBanker.CA       3.6.1.96
F-Prot                   W32/Trojan5.LWZ            v6.4.7.1.166
IKARUS anti.virus        Trojan.MSIL.SpyBanker      t3scan.1.8.9.0
McAfee                   Artemis!A133132A6C3F       5600.6764
Norman                   Suspicious_Gen4.IIBSG      11.20150515
Trend Micro House Call   Suspicious_GEN.F47V0413    7.2.135

File size:
1 MB (1,092,608 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
SkyNet - Gerador de Cartão de Crédito.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\skynet - gerador de cartão de crédito.exe

File PE Metadata
Compilation timestamp:
8/9/2014 7:33:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:hDiHyazWsMzPanWOdJC+oL6WJBVOrHIOkWJBVOrH:REWsCP0WOjC+LYzOrIXYzOr

Entry address:
0xDB75E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
870 KB (890,880 bytes)

The file SkyNet - Gerador de Cartão de Crédito.exe has been seen being distributed by the following 12 URLs.

http://download1919.mediafire.com/uqp6y2dy3reg/.../SkyNet - Gerador de Cartão de Crédito.exe

http://download1404.mediafire.com/zhi7nkcupjxg/.../SkyNet - Gerador de Cartão de Crédito.exe

http://download629.mediafire.com/emar9p8qfd3g/.../SkyNet - Gerador de Cartão de Crédito.exe

http://download629.mediafire.com/dxm1v8bt7r7g/.../SkyNet - Gerador de Cartão de Crédito.exe

http://download629.mediafire.com/27mn7669m6vg/.../SkyNet - Gerador de Cartão de Crédito.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to xx-fbcdn-shv-02-gru2.fbcdn.net  (157.240.12.16:80)

TCP (HTTP):
Connects to edge-star-shv-01-gru2.facebook.com  (31.13.85.8:80)

TCP (HTTP):
Connects to 123-125-232-198.static.unitasglobal.net  (198.232.125.123:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:443)

TCP (HTTP SSL):
Connects to bam-6.nr-data.net  (162.247.242.18:443)

TCP (HTTP):

TCP (HTTP):
Connects to gru10s01-in-f14.1e100.net  (172.217.29.142:80)

TCP (HTTP SSL):
Connects to cb-in-f154.1e100.net  (64.233.186.154:443)

TCP (HTTP):

TCP (HTTP):
Connects to 94.31.29.55.IPYX-077437-ZYO.above.net  (94.31.29.55:80)
