winpenguins.EXE

WinPenguins

The executable winpenguins.EXE has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.dziecionline.pl.
Product:
WinPenguins

Version:
1, 0, 0, 1

MD5:
ae91814e42222b56fcde2e2ea89bf04f

SHA-1:
894b59579754d00fc55e94093591eae3beba61b7

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/5/2024 10:51:20 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Agent.54784.113
8.3.2.2

G Data
Win32.Trojan.Agent.G7FZXO
15.11.25

IKARUS anti.virus
Win32.Malware
t3scan.1.9.5.0

K7 AntiVirus
Riskware
13.210.17391

Qihoo 360 Security
Win32/Trojan.ca9
1.0.0.1015

Trend Micro House Call
PAK_Generic.005
7.2.333

Trend Micro
PAK_Generic.005
10.465.29

File size:
53.5 KB (54,784 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2000 Michael Vines

Original file name:
winpenguins.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\documents and settings\konto\moje dokumenty\downloads\winpenguins.exe

File PE Metadata
Compilation timestamp:
4/3/2001 9:34:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:bzSua+t+O9TdtSN5x9dGes/C72h3oErw7JVnireB5oLleYE8efJOQ/VkTXedyh9b:6uLTdtKm31rw7JUru58rEXxXKOdIb

Entry address:
0x31A50

Entry point:
60, BE, 00, 60, 42, 00, 8D, BE, 00, B0, FD, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 
[+]

Packer / compiler:
UPX 2.90LZMA

Code size:
48 KB (49,152 bytes)

The file winpenguins.EXE has been seen being distributed by the following URL.

Remove winpenguins.EXE - Powered by Reason Core Security