arquivo.exe

BR SOFTWARE LLC

The application arquivo.exe by BR SOFTWARE has been detected as adware by 22 anti-malware scanners. This is a setup program which is used to install the application. This setup program installs potentially unwanted software on the user's PC at the same time as the expected/marketed software, without adequate consent. The program is typically installed via a form of malvertising. The file has been seen being downloaded from www.baixarmidia.com and multiple other hosts.
Publisher:
BR SOFTWARE LLC  (signed and verified)

Version:
1.0.0.0

MD5:
f2f1f210a23b28e3c7459e2d0ee33be8

SHA-1:
752955d32c24c2924055054df924b9eb23fefc00

SHA-256:
c308ab325ad795d7853ad512311d84f4bd34a95f0f24aff2af21faedb88ef6cb

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
4/27/2024 2:30:59 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win-Trojan/ASD.variant | 2013.08.12 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.96.100 |
| avast! | Win32:Downloader-SCT [Adw] | 2014.9-140613 |
| Bitdefender | Trojan.Generic.8572200 | 1.0.20.820 |
| Comodo Security | UnclassifiedMalware | 16748 |
| Dr.Web | Trojan.DownLoader7.51517 | 9.0.1.0164 |
| Emsisoft Anti-Malware | Trojan.Generic.8572200 | 8.14.06.13.09 |
| ESET NOD32 | MSIL/Adware.PCMega (variant) | 8.8676 |
| Fortinet FortiGate | Adware/Fam.NB | 6/13/2014 |
| F-Secure | Trojan.Generic.8572200 | 11.2014-13-06_6 |
| G Data | Trojan.Generic.8572200 | 14.6.22 |
| IKARUS anti.virus | SoftwareBundler | t3scan.2.0.127 |
| K7 AntiVirus | Riskware | 13.170.9241 |
| Malwarebytes | Trojan.Arqudrop | v2014.06.13.09 |
| McAfee | Trojan-FASA!F2F1F210A23B | 5600.7101 |
| Microsoft Security Essentials | SoftwareBundler:MSIL/Protlerdob | 1.163.1557.0 |
| MicroWorld eScan | Trojan.Generic.8572200 | 15.0.0.492 |
| NANO AntiVirus | Trojan.Win32..bejuqj | 0.26.0.53954 |
| Panda Antivirus | Trj/Downloader.VPT | 14.06.13.09 |
| Reason Heuristics | PUP.BRSOFTWARE.H | 14.6.13.9 |
| Trend Micro House Call | TROJ_GEN.R0CBH01FG13 | 7.2.164 |
| VIPRE Antivirus | MSIL.Adware.PCMega | 20392 |

File size:
16.5 KB (16,888 bytes)

Product version:
1.0.0.0

Original file name:
f030113.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\arquivo.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
1/7/2013 5:53:23 PM

Valid to:
4/17/2013 4:03:06 PM

Subject:
CN=BR SOFTWARE LLC, O=BR SOFTWARE LLC, L=Lewes, S=DE, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
278C3F5F235F8E

File PE Metadata
Compilation timestamp:
1/5/2013 2:41:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:PHOf7I7x7vTNTuC9ZCDkHOUq+RJ2M26MzrsE3ontKoYrfrrvEt:PX1THOUtAn6tKhrPY

Entry address:
0x453E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
9.5 KB (9,728 bytes)

The file arquivo.exe has been seen being distributed by the following 2 URLs.

http://www.baixarmidia.com/ids/id57/.../filme.exe
