304513.exe

The executable 304513.exe has been detected as malware by 34 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from 113.171.224.215 and multiple other hosts.

MD5: 1be5f636b243ba1e920ec28c0c1d0731

SHA-1: 3193d96a8510697203afc840cb42f44ad3586fac

SHA-256: 5be7d7e5de43784c6ce40e0c32d0ef7a705cea4d6a6ac289053fb52fd5a32af4

Scanner detections: 34 / 68

Status: Malware

Analysis date: 6/17/2024 5:25:02 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Agent.BNTR | 5695766 |
| Agnitum Outpost | Trojan.ClipBanker | 7.1.1 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 8.3.2.4 |
| Arcabit | Trojan.Agent.BNTR | 1.0.0.628 |
| avast! | Win32:Malware-gen | 2014.9-151202 |
| AVG | Atros2 | 2016.0.2907 |
| Baidu Antivirus | Trojan.Win32.Small | 4.0.3.15122 |
| Bitdefender | Trojan.GenericKD.2827725 | 1.0.20.1680 |
| Clam AntiVirus | WIN.Trojan.Zapchast-1668 | 0.98/21124 |
| Comodo Security | UnclassifiedMalware | 23690 |
| Dr.Web | Threat.Undefined | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2827725 | 10.0.0.5366 |
| ESET NOD32 | Win32/ClipBanker.F trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/ClipBanker.F!tr | 12/2/2015 |
| F-Prot | W32/Trojan3.QZY (exact, not disinfectable) | 4.6.5.141 |
| F-Secure | Trojan.GenericKD.2827725 | 11.2015-02-12_4 |
| G Data | Trojan.GenericKD.2827725 | 15.12.25 |
| IKARUS anti.virus | Trojan.Win32.Clipbanker | t3scan.1.9.5.0 |
| K7 AntiVirus | Riskware | 13.212.18027 |
| Kaspersky | Trojan.Win32.Small | 14.0.0.1032 |
| McAfee | Trojan.Artemis!E57C8781B32C | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.211.1538.0 |
| MicroWorld eScan | Trojan.GenericKD.2827725 | 16.0.0.1008 |
| NANO AntiVirus | Trojan.Win32.XPACK.dxzuxb | 0.30.26.4751 |
| Norman | Trojan.GenericKD.2827725 | 07.10.2015 03:16:12 |
| nProtect | Trojan.GenericKD.2827725 | 15.12.02.01 |
| Panda Antivirus | Trj/CI.A | 15.12.02.02 |
| Qihoo 360 Security | HEUR/QVM06.1.Malware.Gen | 1.0.0.1077 |
| Sophos | Virus 'Mal/EncPk-ZC' | 5.20 |
| Trend Micro House Call | TROJ_GE.7F03C652 | 7.2.336 |
| Trend Micro | TROJ_GE.7F03C652 | 10.465.02 |
| Vba32 AntiVirus | Trojan.Autoit.F | 3.12.26.4 |
| VIPRE Antivirus | Threat.4150696 | 45468 |
| Zillya! Antivirus | Trojan.ClipBanker.Win32.20 | 2.0.0.2541 |

File size: 3 MB (3,111,618 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\appdata\local\temp\304513.exe

File PE Metadata

Compilation timestamp: 6/9/2012 3:19:49 PM

OS version: 5.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 9.0

CTPH (ssdeep): 49152:B5WbmtTWBHhmtTtzmtTwcgsNmtTW6mtTRSCXdmtT5bHhAmtTWb:LOm4PmPmecg+mnmvSqmPBAmsb

Entry address: 0xAC87

Entry point: E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9F, 30, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 8F, AB, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 0E, B1, FF, FF, C3, 56, 8B, F1, 8B, 06, 85, C0, 74, 07, 50, FF, 15, C4, 40, 41, 00, 83, 26, 00, 83, 66, 08, 00, 83, 66, 0C, 00, 5E, C3, 56, 8B, F1, 80, 7E, 04, 00, 75, 34, 68, F4, 44, 41, 00...

Code size: 73 KB (74,752 bytes)

The file 304513.exe has been observed being distributed from the following 2 URLs.

http://113.171.224.215/.../mayn.exe
