» 4b02f44d8aa6583d31a83e62e3b7e84c
Overview
Analysis
File Details

4b02f44d8aa6583d31a83e62e3b7e84c

Fling

NCH Software

The file 4b02f44d8aa6583d31a83e62e3b7e84c, “Fling File Transfer” has been detected as malware by 24 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

Publisher:

NCH Software

Product:

Fling

Description:

Fling File Transfer

Version:

2.35.7.1

MD5:

4b02f44d8aa6583d31a83e62e3b7e84c

SHA-1:

3665f9414ec1b63a5d52eaa8a36310b4fdb94061

SHA-256:

dfe97a95aa08ff327228c63634191077673d95ac146ac86e91d94433b3e516aa

Scanner detections:

24 / 68

Status:

Malware

Analysis date:

5/10/2024 5:25:45 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1981669

804

Avira AntiVirus

TR/Dropper.A.33188

7.11.187.188

AVG

Inject2

2015.0.3282

Baidu Antivirus

Trojan.Win32.Agent

4.0.3.141123

Bitdefender

Trojan.GenericKD.1981669

1.0.20.1635

Dr.Web

Trojan.PWS.Panda.655

9.0.1.0327

Emsisoft Anti-Malware

Trojan.GenericKD.1981669

8.14.11.23.09

ESET NOD32

Win32/Spy.Zbot.AAQ

8.10753

Fortinet FortiGate

W32/Agent.DV!tr

11/23/2014

F-Prot

W32/Zbot.CJP

v6.4.7.1.166

F-Secure

Trojan.GenericKD.1981669

11.2014-23-11_1

G Data

Trojan.GenericKD.1981669

14.11.24

IKARUS anti.virus

Trojan.Agent

t3scan.1.8.3.0

Kaspersky

Trojan.NSIS.Agent

14.0.0.2903

Malwarebytes

Trojan.Dropper.NS

v2014.11.23.09

McAfee

Artemis!4B02F44D8AA6

5600.6938

MicroWorld eScan

Trojan.GenericKD.1981669

15.0.0.981

NANO AntiVirus

Trojan.Win32.Agent.djaksy

0.28.6.63474

nProtect

Trojan.GenericKD.1981669

14.11.20.01

Panda Antivirus

Generic Suspicious

14.11.23.09

Qihoo 360 Security

HEUR/QVM42.0.Malware.Gen

1.0.0.1015

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_GEN.R047H05KJ14

7.2.327

VIPRE Antivirus

Trojan.Win32.Generic

34956

File size:

205.7 KB (210,682 bytes)

Product version:

1.9.7.1

NCH Software

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\91\4b02f44d8aa6583d31a83e62e3b7e84c

File PE Metadata

Compilation timestamp:

5/11/2014 9:03:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:BMTCPmFCRJjhbc2p9xMfDgd0r5Xc0w3sl2D+FIN+omu:VmFCzjefMI5RwbNRmu

Entry address:

0x30C9

Entry point:

81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, B8, 1F, 7A, 00, E8, 95, 2D, 00, 00, A3, 04, 1F, 7A, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, B8, D4, 79, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, 00, 17, 7A, 00, E8, 3F, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 70, 7A, 00, 50, 55, E8, 2D, 2A... 
[+]

Entropy:

7.8744

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

Remove 4b02f44d8aa6583d31a83e62e3b7e84c - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.