bp 2013 etap 3 i 4 v2.exe

WindowsApplication12

The executable bp 2013 etap 3 i 4 v2.exe has been detected as malware by 3 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from doc-14-1k-docs.googleusercontent.com.
Product:
WindowsApplication12

Version:
1.0.0.0

MD5:
43146b39ea169e731ee3f2b6296d579c

SHA-1:
fd410da3470accd5bdfd7d1f597ccc67028b7454

SHA-256:
1a1930e2916a5ec0be6b7fb419c4e3d5a7d80bad8d20ceeaadf1af35b7f2bfe5

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
5/8/2024 9:36:00 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Trojan.Siggen6.56962 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.183426 | 11.5.0.6191 |
| Norman | Gen:Variant.Zusy.183426 | 02.04.2016 17:35:19 |

File size:
175 KB (179,200 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
WindowsApplication12.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\bp 2013 etap 3 i 4 v2.exe

File PE Metadata
Compilation timestamp:
11/18/2013 11:49:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:sDNdjSKRyIHYa/ERGOuVhbPjrhdd6UT1AOOPSxWVJz8WcVTaVfuuzI1YOI7BvsFv:sDjSKRyIHJuOOPSxWVJz8O

Entry address:
0x2A3AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 65, 99, 8A, 52, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, 1C, C0, 02, 00, 1C, 88, 02, 00, 52, 53, 44, 53, FE, 89, E2, E0, 2A, FB, 22, 44, AD, 4F, 48, 68, 2A, 67...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
161 KB (164,864 bytes)

The file bp 2013 etap 3 i 4 v2.exe has been seen being distributed by the following URL.
