xp&vista&seven.exe

-=FaiT90=- Activation Package

The executable xp&vista&seven.exe has been detected as malware by 21 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dc336.4shared.com.

Publisher: -=FaiT90=- Activation Package
Product: -=FaiT90=- Activation Package
Version: 1,2,7,9
MD5: 0b4d1631efca622ae0c43d0e695328f7
SHA-1: 3ddb2bfb8eb2d5f3068e42dc3633480265c55e90
SHA-256: 4d80fd1d01e7149898e44a051d857b360a1d711cd26507e522cca460be98fef6
Scanner detections: 21 / 68
Status: Malware
Analysis date: 12/26/2024 4:24:41 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.7803716 | 974 |
| Avira AntiVirus | TR/Rogue.7803716 | 7.11.146.224 |
| Baidu Antivirus | HackTool.MSIL.WinActivator | 4.0.3.1466 |
| Bitdefender | Trojan.Generic.7803716 | 1.0.20.785 |
| Emsisoft Anti-Malware | Trojan.Generic.7803716 | 8.14.06.06.12 |
| ESET NOD32 | MSIL/HackTool.WinActivator (variant) | 8.9748 |
| F-Secure | Trojan.Generic.7803716 | 11.2014-06-06_6 |
| G Data | Trojan.Generic.7803716 | 14.6.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.177.11951 |
| McAfee | Artemis!0B4D1631EFCA | 5600.7108 |
| MicroWorld eScan | Trojan.Generic.7803716 | 15.0.0.471 |
| Norman | Troj_Generic.EKQSY | 11.20140606 |
| nProtect | Trojan.Generic.7803716 | 14.04.30.01 |
| Qihoo 360 Security | Win32/Trojan.c59 | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12DBAACB!316385995 | 23.00.65.14604 |
| Sophos | W32/AutoRun-BSY | 4.98 |
| Trend Micro House Call | CRCK_PATCHER | 7.2.157 |
| Trend Micro | CRCK_PATCHER | 10.465.06 |
| Vba32 AntiVirus | TrojanDropper.VB | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28778 |

File size: 14.7 MB (15,447,040 bytes)
Product version: 1,2,7,9
Copyright: -=FaiT90=- Activation Package
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\Program Files\startup files\windows 7 activators (optional)\xp&vista&seven.exe

File PE Metadata

Compilation timestamp: 2/7/2009 1:33:02 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows Console
Linker version: 2.50
CTPH (ssdeep): 196608:BN9l9naGhGRrWPPiHi+d+tR9cfWj8dazF40pbXMJF0q5o5+1raelxdtOSzDBJ:BflYRCL93WKmbNvrXDP
Entry address: 0x16D2CC0
Entry point: 60, BE, 15, 00, C7, 00, 8D, BE, EB, 0F, 79, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, C6, 09, 6D, 01, 57, 83, C3, 04, 53, 68, 9A, 2C, E6, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Entropy: 7.9806 (probably packed)
Code size: 14.4 MB (15,089,664 bytes)

The file xp&vista&seven.exe has been seen being distributed by the following URL.
