» uploadfiles-downloads-pedometer_w2.exe
Overview
Analysis
File Details
Downloads (4)

uploadfiles-downloads-pedometer_w2.exe

The executable uploadfiles-downloads-pedometer_w2.exe, “PedoMeter W2 USB Flash Disk AP” has been detected as malware by 20 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.mediafire.com and multiple other hosts.

File name:

Description:

PedoMeter W2 USB Flash Disk AP

Version:

2, 0, 1, 8

MD5:

3ecceca369b38b8f8cdac48155346aa5

SHA-1:

6def7b91aead854318fc3b26e37d5c45a132f4e0

SHA-256:

1e5cc1fbd34625a756699005199048c38ef193a9a80b69528a2b0be3c096ae2f

Scanner detections:

20 / 68

Status:

Malware

Analysis date:

11/2/2024 7:28:14 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2312203

590

Avira AntiVirus

TR/Rogue.746496.5

8.3.1.6

avast!

Win32:Malware-gen

2014.9-150624

Baidu Antivirus

Trojan.Win32.Generic

4.0.3.15624

Bitdefender

Trojan.GenericKD.2312203

1.0.20.875

Bkav FE

HW32.Packed

1.3.0.6379

Emsisoft Anti-Malware

Trojan.GenericKD.2312203

8.15.06.24.07

Fortinet FortiGate

W32/Hra.CK!tr

6/24/2015

F-Secure

Trojan.GenericKD.2312203

11.2015-24-06_4

G Data

Trojan.GenericKD.2312203

15.6.25

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.9.2.0

Kaspersky

UDS:DangerousObject.Multi.Generic

14.0.0.1836

McAfee

RDN/Generic.hra!ck

5600.6724

MicroWorld eScan

Trojan.GenericKD.2312203

16.0.0.525

nProtect

Trojan.GenericKD.2312203

15.05.29.01

Panda Antivirus

Generic Suspicious

15.06.24.07

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_GEN.R02SC0EDS15

7.2.175

Trend Micro

TROJ_GEN.R02SC0EDS15

10.465.24

VIPRE Antivirus

Trojan.Win32.Generic

40686

File size:

729 KB (746,496 bytes)

Product version:

2,0,0,0

Original file name:

PedoMeter_W2.exe

File type:

Executable application (Win32 EXE)

Language:

Kinesisk (traditionelt, Taiwan)

Common path:

C:\users\{user}\downloads\uploadfiles-downloads-pedometer_w2.exe

File PE Metadata

Compilation timestamp:

3/31/2015 10:08:20 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:rceNM2+YVFCY6CWn+B0KJwdxUyOPR/hUvTaTbm2ffYdvYJty2jl:rceNMjYVFCY6CjO8hhmaTay

Entry address:

0x210343

Entry point:

60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10... 
[+]

Packer / compiler:

ASPack v1.08.04

Code size:

280 KB (286,720 bytes)

The file uploadfiles-downloads-pedometer_w2.exe has been seen being distributed by the following 4 URLs.

https://www.mediafire.com/?zlj3d4s9q4oafdj

http://www.gelua.com/UploadFiles\DownLoads\PedoMeter_W2.exe

http://www.gelua.com/DownloadFile.asp?SoftID=156

http://gelua.com/UploadFiles\DownLoads\PedoMeter_W2.exe

Remove uploadfiles-downloads-pedometer_w2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.