TTRInjector V.3.2.exe

Python Coders

SmartFTP Client

The executable TTRInjector V.3.2.exe has been detected as malware by 29 anti-virus scanners. The file has been seen being downloaded from download1188.mediafire.com.
Publisher:
SmartFTP Client  (signed and verified)

Product:
Python Coders

Version:
3.2.0

MD5:
5d796503add53578f06050639c54f396

SHA-1:
eef1db4c21007a9bff893268abbb9565bdd3e916

SHA-256:
39f4fc666cbcbe3594eaf5ba8f3462ca28791b4355f5a0e16e1f60e69bce8786

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
11/23/2024 12:17:13 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.14553780
5834730

AhnLab V3 Security
Spyware/Win32.Zbot
2015.07.27

Avira AntiVirus
TR/Dropper.MSIL.158401
8.3.1.6

Arcabit
Trojan.Generic.DDE12B4
1.0.0.425

avast!
MSIL:GenMalicious-VZ [Trj]
150717-0

AVG
MSIL4
2016.0.3036

Baidu Antivirus
Trojan.MSIL.Disfa
4.0.3.15726

Bitdefender
Trojan.Generic.14553780
1.0.20.1035

Dr.Web
Trojan.Packed.28396
9.0.1.05190

Emsisoft Anti-Malware
Trojan.Generic.14553780
10.0.0.5366

ESET NOD32
MSIL/Injector.EZG trojan
7.0.302.0

Fortinet FortiGate
MSIL/Injector.ESI!tr
7/26/2015

F-Secure
Trojan.Generic.14553780
5.14.151

G Data
Trojan.Generic.14553780
15.7.25

IKARUS anti.virus
Trojan.MSIL.Injector
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.207.16684

Kaspersky
Trojan.MSIL.Disfa
15.0.0.543

Malwarebytes
Backdoor.Agent.TMPGen
v2015.07.26.06

McAfee
Trojan.Artemis!5D796503ADD5
18.0.204.0

Microsoft Security Essentials
Trojan:MSIL/Toauta!rfn
1.1.11903.0

MicroWorld eScan
Trojan.Generic.14553780
16.0.0.621

NANO AntiVirus
Trojan.Win32.Comet.dfkpgi
0.30.24.2668

Norman
Trojan.Generic.14553780
07.07.2015 03:10:29

nProtect
Trojan.Generic.14553780
15.07.23.01

Panda Antivirus
Trj/CI.A
15.07.26.06

Quick Heal
Trojan.MSI.r3
7.15.14.00

Sophos
Virus 'Troj/dnSauce-Y'
5.15

Trend Micro
TROJ_GEN.R0C1C0DDN15
10.465.26

VIPRE Antivirus
Threat.4150696
41424

File size:
276.9 KB (283,528 bytes)

Product version:
3.2.0

Original file name:
TTRInjector V.3.2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ttrinjector v.3.2.exe

Digital Signature
Signed by:

Authority:
SmartFTP Client

Valid from:
1/2/2014 4:56:32 AM

Valid to:
1/2/2114 4:56:32 AM

Subject:
CN=SmartFTP Client

Issuer:
CN=SmartFTP Client

Serial number:
6C7C1723381A15A44161851A894BF545

File PE Metadata
Compilation timestamp:
4/18/2015 1:01:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:+c3TouwrrVQfenst/BxeVDNmcdDEaGGymhOUY3/zy8AIRdBEF7teWszboC4OM3Y+:VGstBxwSHmhOCdCa3Y+

Entry address:
0x1EB0E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.5865

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
115 KB (117,760 bytes)

The file TTRInjector V.3.2.exe has been seen being distributed by the following URL.

Remove TTRInjector V.3.2.exe - Powered by Reason Core Security