48587080.exe

James Burton

The executable 48587080.exe has been detected as malware by 32 anti-virus scanners.
Publisher:
Basilico obsoleto  (signed by James Burton)

Product:
Basilico obsoleto

Version:
4.06.0007

MD5:
cd5e9d910aa71f27fc66a184f0825a1c

SHA-1:
6b0ed54ab5edf1347f73017af74af6062801b05d

SHA-256:
b181588e3d1abe088ced513ad6da349a98552b2f74c59c81a7f2a8251d27c08a

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/17/2024 11:32:24 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2682844 | 264 |
| Agnitum Outpost | Trojan.DR.VB | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Miuref | 2015.09.10 |
| Avira AntiVirus | TR/Dropper.VB.24184 | 8.3.2.2 |
| Arcabit | Trojan.Generic.D28EFDC | 1.0.0.525 |
| avast! | Win32:Malware-gen | 2014.9-160516 |
| AVG | Dropper.Generic9 | 2017.0.2742 |
| Baidu Antivirus | Trojan.Win32.Dropper | 4.0.3.16516 |
| Bitdefender | Trojan.GenericKD.2682844 | 1.0.20.685 |
| Dr.Web | Trojan.Siggen6.23087 | 9.0.1.0137 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2682844 | 8.16.05.16.04 |
| ESET NOD32 | Win32/Boaxxe.BR | 10.12232 |
| Fortinet FortiGate | W32/VB.BR!tr | 5/16/2016 |
| F-Secure | Trojan.GenericKD.2682844 | 11.2016-16-05_2 |
| G Data | Trojan.GenericKD.2682844 | 16.5.25 |
| IKARUS anti.virus | Trojan.Win32.Injector | t3scan.1.9.5.0 |
| K7 AntiVirus | Riskware | 13.210.17174 |
| Kaspersky | Trojan-Dropper.Win32.VB | 14.0.0.204 |
| Malwarebytes | Trojan.VBCrypt | v2016.05.16.04 |
| McAfee | RDN/Generic Dropper | 5600.6398 |
| Microsoft Security Essentials | VirTool:Win32/VBInject.AER | 1.1.12002.0 |
| MicroWorld eScan | Trojan.GenericKD.2682844 | 17.0.0.411 |
| NANO AntiVirus | Trojan.Win32.VB.dvujme | 0.30.24.3283 |
| nProtect | Trojan.GenericKD.2682844 | 15.09.10.01 |
| Panda Antivirus | Trj/CI.A | 16.05.16.04 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Quick Heal | TrojanDropper.VB.r3 | 5.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-VB | 9141 |
| Trend Micro | TROJ_GEN.R08NC0DHT15 | 10.465.16 |
| VIPRE Antivirus | Trojan.Win32.Generic | 43638 |
| Zillya! Antivirus | Dropper.VB.Win32.65603 | 2.0.0.2392 |

File size:
141.7 KB (145,112 bytes)

Product version:
4.06.0007

Original file name:
Basilico obsoleto.exe

File type:
Executable application (Win32 EXE)

Language:
Arabic (Saudi Arabia)

Common path:
C:\users\{user}\appdata\local\ofxics\48587080.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
8/31/2013 6:48:48 AM

Valid to:
9/1/2015 5:03:34 PM

Subject:
E=jim618@fastmail.co.uk, CN=James Burton, L=London, S=Greater London, C=GB, Description=PgF7B7Vgi6msWulW

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0ADE

File PE Metadata
Compilation timestamp:
9/21/2015 11:56:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:RbAR7E5SSWx8MSmHpW0WFQBH49P43RD5q80:lAO5Ux8zEi99PGB5e

Entry address:
0x135C

Entry point:
68, 50, 37, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 91, 4C, C4, 5F, AA, D3, 6C, 4A, 9D, 41, 0A, 5D, C4, A6, F1, 6E, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 70, 74, 69, 6F, 6E, 20, 4C, 75, 66, 74, 61, 62, 77, 65, 68, 72, 77, 61, 66, 66, 65, 37, 00, 22, 46, 65, 72, 72, 6F, 6D, 00, 00, 00, 00, FF, CC, 31, 00, 04, 5E, BE, A4, E3, FC, F0, 97, 40, A0, E0, 24, FF, 35, 6B, 1C, 0B, 58, 64, FB, 09, C1, 6D, 7F, 4B, 9B, 35, CA, 02, 1F, F1, EC, 20, 3A, 4F, AD...

Entropy:
7.0170

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
120 KB (122,880 bytes)
