arquivo.exe

Grupo Hunter

The application arquivo.exe by Grupo Hunter has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.baixearquivo.com.
Publisher:
Grupo Hunter (signed and verified)

Version:
1.0.0.0

MD5:
42b737dcaa5a65b2d53634f75e1bf050

SHA-1:
2dddc21e608ca8ec22790834824b95bd80ac88d2

SHA-256:
bdaa52a2db3d8debe128355590c342f500188cf4057a3647ba755ac3daa704a7

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/29/2024 1:56:14 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.ADH | 2013.02.17 |
| Avira AntiVirus | TR/Spy.Banker.Gen | 7.11.61.114 |
| avast! | Win32:Downloader-SKD [Adw] | 2014.9-160218 |
| AVG | ArchSMS | 2017.0.2829 |
| Bitdefender | Gen:Variant.Strictor.21958 | 1.0.20.245 |
| Comodo Security | UnclassifiedMalware | 15279 |
| Emsisoft Anti-Malware | Trojan.Win32.Downloader.Agent.AMN | 8.16.02.18.01 |
| ESET NOD32 | Win32/Downloader.Agent (variant) | 10.8018 |
| Fortinet FortiGate | W32/SPNR.08A213!tr | 2/18/2016 |
| F-Secure | Gen:Variant.Strictor.21958 | 11.2016-18-02_5 |
| G Data | Gen:Variant.Strictor.21958 | 16.2.22 |
| IKARUS anti.virus | AdWare.Win32.DealPly | t3scan.2.0.0.0 |
| McAfee | Artemis!42B737DCAA5A | 5600.6485 |
| Microsoft Security Essentials | Program:Win32/Pameseg | 1.163.1557.0 |
| MicroWorld eScan | Gen:Variant.Strictor.21958 | 17.0.0.147 |
| Panda Antivirus | Trj/Agent.MIZ | 16.02.18.01 |
| Trend Micro House Call | TROJ_SPNR.08A213 | 7.2.49 |
| Trend Micro | TROJ_SPNR.08A213 | 10.465.18 |
| VIPRE Antivirus | Trojan.Win32.Generic | 15594 |

File size:
790.6 KB (809,576 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Portuguese (Brazil)

Common path:
C:\users\{user}\downloads\arquivo.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/26/2012 10:00:00 PM

Valid to:
11/27/2013 9:59:59 PM

Subject:
CN=Grupo Hunter, O=Grupo Hunter, STREET="R JOAO ROSA, 364, CENTRO", L=BIGUAÇU, S=SC, PostalCode=88160000, C=BR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
10FB0BD016440D342DDC0ED91D16A744

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:2GYOjP1mL3H/LQTUGcTFZhTVEqjydYg2MlomonwGoSOkn7+:2XC83oUGcJpEqCN2Ml5Z

Entry address:
0x212F80

Entry point:
60, BE, 00, B0, 56, 00, 8D, BE, 00, 60, E9, FF, C7, 87, 9C, 00, 17, 00, ED, 4F, D4, 76, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 7B, 04, 21, 00, 57, 83, C3, 04, 53, 68, 76, 7F, 0A, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9...

Code size:
676 KB (692,224 bytes)

The file arquivo.exe has been seen being distributed by the following URL: www.baixearquivo.com

Powered by Reason Core Security