beg.exe

Query

JANDER PINTO DA SILVA

The application beg.exe by JANDER PINTO DA SILVA has been detected as adware by 23 anti-malware scanners.
Publisher:
Assuz  (signed by JANDER PINTO DA SILVA)

Product:
Query

Version:
6.2.8.1

MD5:
b9c47a96c19cbe68dce09f1452e1e7a6

SHA-1:
1e993d58bd1e7ec12ca194b926b1c0c9bbd86c87

SHA-256:
948684ea23e6f675472f7c522866f22bbe399c222b6f63996c67f81d49bfe340

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
4/25/2024 4:56:52 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1673006 | 841 |
| Agnitum Outpost | TrojanSpy.Banker | 7.1.1 |
| AhnLab V3 Security | Spyware/Win32.Bancos | 2014.09.20 |
| AVG | PSW.Banker6 | 2015.0.3319 |
| Baidu Antivirus | Trojan.Win32.Banker | 4.0.3.141017 |
| Bitdefender | Trojan.GenericKD.1673006 | 1.0.20.1450 |
| Comodo Security | UnclassifiedMalware | 19563 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1673006 | 8.14.10.17.07 |
| ESET NOD32 | Win32/Spy.Banker.AAUT (variant) | 8.10444 |
| Fortinet FortiGate | W32/Banker.AAUT!tr.spy | 10/17/2014 |
| F-Secure | Trojan.GenericKD.1673006 | 11.2014-17-10_6 |
| G Data | Trojan.GenericKD.1673006 | 14.10.24 |
| IKARUS anti.virus | Trojan-PWS.Banker6 | t3scan.1.7.8.0 |
| McAfee | Artemis!B9C47A96C19C | 5600.6975 |
| MicroWorld eScan | Trojan.GenericKD.1673006 | 15.0.0.870 |
| nProtect | Trojan.GenericKD.1673006 | 14.09.19.01 |
| Panda Antivirus | Trj/CI.A | 14.10.17.07 |
| Qihoo 360 Security | Win32/Trojan.Spy.3ec | 1.0.0.1015 |
| Reason Heuristics | PUP.JANDERPINTODASILVA.D | 14.10.17.7 |
| Rising Antivirus | PE:Trojan.Win32.Generic.16C9CDC3!382324163 | 23.00.65.141015 |
| Trend Micro House Call | TROJ_SPNV.01F514 | 7.2.290 |
| Trend Micro | TROJ_SPNV.01F514 | 10.465.17 |
| VIPRE Antivirus | Trojan.Compcert.121913 | 33274 |

File size:
383.8 KB (393,048 bytes)

Product version:
7.3.6.400

Copyright:
Assuz

Trademarks:
Assuz

Original file name:
Query

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\windows\beg.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/12/2013 9:00:00 PM

Valid to:
9/12/2014 8:59:59 PM

Subject:
CN=JANDER PINTO DA SILVA, OU=Individual Developer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=No Organization Affiliation, L=PALMAS, S=TOCANTINS, C=BR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1FC6AD26672CBA136E6B00334840CA37

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:8D4Y0ojAGaPmY32FxvQDm6wngNpWIJQ4YwBJMywT7oXlNzxjcgIZUMtLU26hJ676:W4YjjAGaUXIDLZNTQWnDwTyIZTtoXJ6W

Entry address:
0x50934

Entry point:
55, 8B, EC, 83, C4, F0, B8, 54, 07, 45, 00, E8, 84, 52, FB, FF, A1, 08, 20, 45, 00, 8B, 00, E8, 98, E3, FF, FF, 8B, 0D, 18, 20, 45, 00, A1, 08, 20, 45, 00, 8B, 00, 8B, 15, 88, 02, 45, 00, E8, 98, E3, FF, FF, A1, 08, 20, 45, 00, 8B, 00, E8, 0C, E4, FF, FF, E8, A7, 33, FB, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
318.5 KB (326,144 bytes)
