webfree.desenho.download.google.com.exe

Project1

The executable webfree.desenho.download.google.com.exe has been detected as malware by 24 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from doc-04-28-docs.googleusercontent.com.
Publisher:
Microsoft* (Invalid match)

Product:
Project1

Version:
1.00

MD5:
b578d1fcef2cf46e862a05b0646e9e0b

SHA-1:
7b374e8ef36c9312c97d79f783fa024d6062bfea

SHA-256:
30d1ece6ea46b381107de26854adce793d7f29518abcafd7cdf22dbad87c0f20

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
12/28/2024 1:35:53 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Trojan/Win32.Cossta | 2013.03.12
Avira AntiVirus | TR/Crypt.FKM.Gen | 7.11.64.152
avast! | Win32:VB-AFNR [Trj] | 2014.9-160307
AVG | VB2 | 2017.0.2812
Bitdefender | Gen:Trojan.Heur.bmKfsKL51Gei | 1.0.20.335
Comodo Security | UnclassifiedMalware | 15544
Emsisoft Anti-Malware | Gen:Trojan.Heur.bmKfsKL51Gei | 8.16.03.07.05
ESET NOD32 | Win32/VB.NTK (variant) | 10.8107
Fortinet FortiGate | W32/VB.NTK!tr | 3/7/2016
F-Secure | Gen:Trojan.Heur.bmKfsKL51Gei | 11.2016-07-03_2
G Data | Gen:Trojan.Heur.bmKfsKL51Gei | 16.3.22
K7 AntiVirus | Trojan | 13.163.8344
Kaspersky | Trojan.Win32.Cossta | 14.0.0.554
McAfee | Artemis!B578D1FCEF2C | 5600.6468
Microsoft Security Essentials | TrojanDownloader:Win32/Swity.C | 1.163.1557.0
MicroWorld eScan | Gen:Trojan.Heur.bmKfsKL51Gei | 17.0.0.201
Norman | Troj_Generic.IDSZJ | 11.20160307
Panda Antivirus | Trj/CI.A | 16.03.07.05
Quick Heal | (Suspicious) - DNAScan | 3.16.12.00
Sophos | Mal/VB-UY | 4.86
Trend Micro House Call | TROJ_GEN.RC1CDBE | 7.2.67
Trend Micro | TROJ_GEN.RC1CDBE | 10.465.07
Vba32 AntiVirus | Trojan.Cossta.vsz | 3.12.20.2
VIPRE Antivirus | Trojan.Win32.Generic | 15998

File size:
22.5 KB (23,040 bytes)

Product version:
1.00

Original file name:
mydiaMjz9.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\webfree.desenho.download.google.com.exe

File PE Metadata
Compilation timestamp:
2/13/2013 6:43:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:EN+cMdnzYl2c2nq+HRwTWhB5icWB8VOTG6PQu2CWU0+Gu8zj/CfWnEd:EwZaCq+vB8aVOTG6km0+Ejm

Entry address:
0x11940

Entry point:
60, BE, 00, D0, 40, 00, 8D, BE, 00, 40, FF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...

Packer / compiler:
UPX 2.90 LZMA

Code size:
20 KB (20,480 bytes)

The file webfree.desenho.download.google.com.exe has been seen being distributed by the following URL.

Remove webfree.desenho.download.google.com.exe - Powered by Reason Core Security