trojan.exe

The executable trojan.exe has been detected as malware by 31 anti-virus scanners. The file has been seen being downloaded from dc369.4shared.com.
Version:
0.0.0.0

MD5:
9aa8c7f90cad502ecdd51513cc82e6ea

SHA-1:
61f0befaeeb0e764cafad9f984aadeb8011f9fc1

SHA-256:
be4cd86af574d3a5886d344ebabd66ddf89cf93ff3e1b305fdbe9d2c6a3ba559

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
11/30/2024 9:23:00 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Barys.3152 | 382 |
| Agnitum Outpost | Trojan.MulDrop | 7.1.1 |
| Avira AntiVirus | TR/Inject.ajtp | 7.11.186.112 |
| avast! | MSIL:Injector-GS [Trj] | 2014.9-160118 |
| AVG | ILCrypt | 2017.0.2860 |
| Baidu Antivirus | Trojan.MSIL.Injector | 4.0.3.16118 |
| Bitdefender | Gen:Variant.Barys.3152 | 1.0.20.90 |
| Comodo Security | TrojWare.MSIL.Crypted.fu | 20101 |
| Dr.Web | Trojan.MulDrop5.6233 | 9.0.1.018 |
| Emsisoft Anti-Malware | Gen:Variant.Barys.3152 | 8.16.01.18.11 |
| ESET NOD32 | MSIL/Injector.BEC (variant) | 10.10732 |
| Fortinet FortiGate | MSIL/Dropper.BEC!tr | 1/18/2016 |
| F-Secure | Gen:Variant.Barys.3152 | 11.2016-18-01_2 |
| G Data | Gen:Variant.Barys.3152 | 16.1.24 |
| IKARUS anti.virus | Worm.Win32.Ainslot | t3scan.1.8.3.0 |
| K7 AntiVirus | Trojan | 13.185.14021 |
| Kaspersky | Trojan.MSIL.Inject | 14.0.0.795 |
| Malwarebytes | Spyware.Password | v2016.01.18.11 |
| McAfee | Dropper-FKK!9AA8C7F90CAD | 5600.6516 |
| Microsoft Security Essentials | VirTool:MSIL/Obfuscator.AO | 1.11104 |
| MicroWorld eScan | Gen:Variant.Barys.3152 | 17.0.0.54 |
| NANO AntiVirus | Trojan.Win32.MulDrop5.dcibqe | 0.28.6.63362 |
| Norman | Troj_Generic.TQMLD | 11.20160118 |
| Panda Antivirus | Trj/CI.A | 16.01.18.11 |
| Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Obfuscator.r3 | 1.16.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.16B25F53!380788563 | 23.00.65.16116 |
| Sophos | Troj/dnSink-A | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0PEH14 | 7.2.18 |
| Trend Micro | TROJ_GEN.R0CBC0PEH14 | 10.465.18 |
| Zillya! Antivirus | Trojan.Injector.Win32.226661 | 2.0.0.1983 |

File size:
644 KB (659,456 bytes)

Product version:
0.0.0.0

Original file name:
ty.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\trojan.exe

File PE Metadata
Compilation timestamp:
4/11/2014 4:55:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:ggiQ9G0Heg7TEZUMDzoSNyoUq3jeMCTbq932Dvck5S4uGV43AAwJHGXXw4R3vyUn:ggiQ9G6nsjRMayMyQ2rV

Entry address:
0x1490E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.6919

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
76 KB (77,824 bytes)

The file trojan.exe has been seen being distributed by the following URL.
