4a926bc2f0d66095f68f194a4f64ff52.exe

The executable 4a926bc2f0d66095f68f194a4f64ff52.exe has been detected as malware by 29 anti-virus scanners. It is set to start automatically when a user logs in to Windows, via the current-user Run registry key, under the display name ‘4a926bc2f0d66095f68f194a4f64ff52’. The file has been observed being downloaded from download1311.mediafire.com.
MD5:
f3bd041b60601d0d9c86df19156cc2e6

SHA-1:
de6309f5fc3e29eaa448e52414458cd1c0832bc1

SHA-256:
7b09b74e4593faac6518643c9f55decfb8b6013b8fa0eb3e1ecc2f1c73b19409

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
5/2/2025 4:14:45 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1472130 | 1105 |
| Avira AntiVirus | TR/Dropper.MSIL.Gen | 7.11.126.102 |
| avast! | Win32:Malware-gen | 2014.9-140126 |
| AVG | Dropper.Generic9 | 2015.0.3583 |
| Baidu Antivirus | Trojan.Win32.FrauDrop | 4.0.3.14126 |
| Bitdefender | Trojan.GenericKD.1472130 | 1.0.20.130 |
| Comodo Security | UnclassifiedMalware | 17656 |
| Dr.Web | Win32.HLLW.Autoruner.25074 | 9.0.1.026 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1472130 | 8.14.01.26.12 |
| ESET NOD32 | MSIL/Injector.CGC (variant) | 8.9323 |
| Fortinet FortiGate | W32/FrauDrop.ACJHH!tr | 1/26/2014 |
| F-Secure | Trojan.GenericKD.1472130 | 11.2014-25-02_3 |
| G Data | Trojan.GenericKD.1472130 | 14.1.24 |
| IKARUS anti.virus | Trojan.Msil | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.175.10926 |
| Kaspersky | Trojan-Dropper.Win32.FrauDrop | 14.0.0.4410 |
| McAfee | RDN/Generic Dropper!sr | 5600.7239 |
| MicroWorld eScan | Trojan.GenericKD.1472130 | 15.0.0.78 |
| NANO AntiVirus | Trojan.Win32.FrauDrop.csbcpi | 0.28.0.57380 |
| Norman | Suspicious_Gen4.FNWOX | 11.20140126 |
| nProtect | Trojan.GenericKD.1472130 | 14.01.22.03 |
| Panda Antivirus | Generic Malware | 14.01.26.12 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D | 23.00.65.14223 |
| Sophos | Mal/Generic-S | 4.96 |
| Trend Micro House Call | TROJ_GEN.R0CBC0PLU13 | 7.2.26 |
| Trend Micro | TROJ_GEN.R0CBC0PLU13 | 10.465.26 |
| Vba32 AntiVirus | TrojanDropper.FrauDrop.acjhh | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25686 |
| ViRobot | Dropper.A.FrauDrop.413696.W | 2011.4.7.4223 |

File size:
404 KB (413,696 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\4a926bc2f0d66095f68f194a4f64ff52.exe

File PE Metadata
Compilation timestamp:
12/15/2013 8:02:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:5z/Mt/GYXwrqV8JicQcWmsYqO9fOBagm44I425EDC6M9o1/2nHgCMgVUwoMaXzSb:MGYXcPvqGmBJ425EDCBo8AC7VkDS

Entry address:
0x30123

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.4459

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
184.5 KB (188,928 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
4a926bc2f0d66095f68f194a4f64ff52

Command:
"C:\users\{user}\appdata\local\temp\winlogon.exe"..


The file 4a926bc2f0d66095f68f194a4f64ff52.exe has been seen being distributed by the following URL.
