underfiregenerator__6858_il2760049.exe

The executable underfiregenerator__6858_il2760049.exe has been detected as malware by 4 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from v4download2.biz and multiple other hosts.
Version: 1.1.5.90
MD5: 32ac6c56a460ace7745fc46cce81feed
SHA-1: 14c77947df08e8aaf66d2bd617da3106806b57aa
SHA-256: 48cba3eeca58a1559bb8f8f3e35b3316f2860d948ad5f13cf0b9f0bd02b479cb
Scanner detections: 4 / 68
Status: Malware

Analysis date: 12/25/2024 4:43:18 AM UTC

Scan engine     Detection            Engine version
avast!          Win32:Malware-gen    2014.9-141012
AVG             Generic_r            2015.0.3323
Bkav FE         W32.HfsAutoA         1.3.0.4959
Malwarebytes    Trojan.Dropper.KJG   v2014.10.12.01

File size: 524.6 KB (537,168 bytes)
Product version: 1.1.5.90
Original file name: setup.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\downloads\underfiregenerator__6858_il2760049.exe

File PE Metadata
Compilation timestamp: 10/3/2014 11:04:44 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 12288:4uW8TYpmbvx0Xs21NZYot5oTUGvlglQATeQ9g60/0ipNkpNMw2DbRh:4HUvyV1ootWUGtWdT9g60/VKX2Jh
Entry address: 0x123F19

Entry point:
9C, 8D, 64, 24, 04, 0F, 89, 59, E9, FF, FF, 68, BD, B9, 56, 76, C7, 04, 24, 61, B6, C3, F0, 9C, 9C, 9C, C7, 04, 24, DF, A8, FA, EE, C7, 44, 24, 08, A8, C2, EB, 1F, 66, 89, 04, 24, 8D, 64, 24, 08, E9, 50, 11, 03, 00, 9C, F7, C6, 8E, 40, 29, BD, 84, C0, 9C, 9C, 8D, 64, 24, 14, 0F, 84, 96, 37, 00, 00, E9, B2, C9, 02, 00, 8D, 74, 24, 04, F8, 66, 0F, A3, F7, 0F, A3, C1, 83, EF, 04, E9, E7, AF, FF, FF, 60, 8D, 64, 24, 24, 0F, 87, 08, D9, FF, FF, 60, F8, 0F, A3, DD, 69, D2, 0A, 00, 00, 00, F6, C2, C8, F8, 9C, 01...

Entropy: 7.8975 (probably packed)
Code size: 178.5 KB (182,784 bytes)

The file underfiregenerator__6858_il2760049.exe has been seen being distributed by the following 3 URLs.

Remove underfiregenerator__6858_il2760049.exe - Powered by Reason Core Security