voucher.ricardoeletro.com

The file voucher.ricardoeletro.com has been detected as malware by 31 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from sj.xdirectx.com and multiple other hosts.
Version:
1.0.0.0

MD5:
b037980732d665ee46662a2d3d5d067d

SHA-1:
da2a12dc59e0e6e0f7a12ca7fc0da8cc13979ad1

SHA-256:
b1625eb55be1014434e4bbf0b6fff1fb83fc1d443bac2684213c5059fe05b607

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
11/27/2024 6:31:24 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2728176 | 368
AhnLab V3 Security | Trojan/Win32.Banload | 2016.01.18
Avira AntiVirus | TR/Dldr.Agent.219648.10 | 8.3.2.4
Arcabit | Trojan.Generic.D29A0F0 | 1.0.0.642
avast! | Win32:Banker-MGN [Trj] | 2014.9-160202
AVG | Downloader.MSIL | 2017.0.2846
Baidu Antivirus | Trojan.MSIL.Banload | 4.0.3.1622
Bitdefender | Trojan.GenericKD.2728176 | 1.0.20.165
Emsisoft Anti-Malware | Trojan.GenericKD.2728176 | 8.16.02.02.04
ESET NOD32 | MSIL/TrojanDownloader.Banload.ER (variant) | 10.12883
Fortinet FortiGate | MSIL/Banload.ER!tr.dldr | 2/2/2016
F-Secure | Trojan.GenericKD.2728176 | 11.2016-02-02_3
G Data | Trojan.GenericKD.2728176 | 16.2.25
IKARUS anti.virus | Trojan-Downloader.MSIL.Banload | t3scan.1.9.5.0
K7 AntiVirus | Trojan-Downloader | 13.212.18451
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.724
Malwarebytes | Trojan.Banker.MSIL | v2016.02.02.04
McAfee | RDN/Generic Downloader.x | 5600.6502
Microsoft Security Essentials | TrojanDownloader:MSIL/Banload.AA | 1.1.12400.0
MicroWorld eScan | Trojan.GenericKD.2728176 | 17.0.0.99
NANO AntiVirus | Trojan.Win32.Agent.dxbude | 1.0.14.5380
nProtect | Trojan.GenericKD.2728176 | 16.01.15.02
Panda Antivirus | Trj/CI.A | 16.02.02.04
Quick Heal | TrojanDownloader.Banload.r4 | 2.16.14.00
Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16131
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_BANLOAD.TLX | 7.2.33
Trend Micro | TROJ_BANLOAD.TLX | 10.465.02
VIPRE Antivirus | Trojan.Win32.Generic | 46586
ViRobot | Trojan.Win32.Downloader.219648.AE[h] | 2014.3.20.0
Zillya! Antivirus | Downloader.Banload.Win32.67439 | 2.0.0.2616

File size:
214.5 KB (219,648 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
Cascavel.exe

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\voucher.ricardoeletro.com

File PE Metadata
Compilation timestamp:
9/15/2015 10:35:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:IzJ+lM+sEvWfROJLhfJpreQ00ws/R3b/rz3qhNZK6BbHw9f4baRYX2NCancRu7At:vWROJNhpeBUDnqFK6BbQ93

Entry address:
0x3663E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
210 KB (215,040 bytes)

The file voucher.ricardoeletro.com has been seen being distributed by the following 2 URLs.