cloudcar.exe

The application cloudcar.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. It is a setup program used to install the application. The file has been seen downloaded from www.amtso.org and multiple other hosts.
MD5:
3fb121fbbccb27969668cc36d0a8f15b

SHA-1:
f4053231135502b4e8ea2b4d2e32abefe3a08765

SHA-256:
3559378c933cdd434af2083f7535460843d2462033de74ec7c70dbe5f70124f5

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
4/16/2024 7:10:05 AM UTC

Scan engine               Detection                            Engine version
AVG                       CLOUDCAR_Test                        2014.0.3614
Bkav FE                   W32.Clod04b.Trojan                   1.3.0.4677
Comodo Security           Application.Win32.CloudTest.s        17624
IKARUS anti.virus         AMTSO-CLOUD-Test                     t3scan.2.2.29
Kaspersky                 UDS:DangerousObject.Multi.Generic    14.0.0.4564
McAfee                    Cldcar-Test!3FB121FBBCCB             5600.7270
Norman                    Suspicious_Gen4.DOEHT                11.20131226
Panda Antivirus           Trj/CI.A                             13.12.26.06
Qihoo 360 Security        Trojan.Generic                       1.0.0.1015
Sophos                    Mal/Generic-S                        4.96
Trend Micro House Call    AMTSO_TEST_CLOUDCAR                  7.2.360
Trend Micro               AMTSO_TEST_CLOUDCAR                  10.465.26
VIPRE Antivirus           Trojan.Win32.Generic                 25492

File size:
7 KB (7,178 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\cloudcar.exe

File PE Metadata
Compilation timestamp:
7/9/2010 1:02:46 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
96:syZSyUunB5EKzUQdIkD3OZnF++bzimbuFJJSI+fquyC7tCE/kfYhm:cyUwBc39ZnF+43uFJJROquPA

Entry address:
0x131E

Entry point:
E8, 85, 04, 00, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 40, 31, 40, 00, 89, 0D, 3C, 31, 40, 00, 89, 15, 38, 31, 40, 00, 89, 1D, 34, 31, 40, 00, 89, 35, 30, 31, 40, 00, 89, 3D, 2C, 31, 40, 00, 66, 8C, 15, 58, 31, 40, 00, 66, 8C, 0D, 4C, 31, 40, 00, 66, 8C, 1D, 28, 31, 40, 00, 66, 8C, 05, 24, 31, 40, 00, 66, 8C, 25, 20, 31, 40, 00, 66, 8C, 2D, 1C, 31, 40, 00, 9C, 8F, 05, 50, 31, 40, 00, 8B, 45, 00, A3, 44, 31, 40, 00, 8B, 45, 04, A3, 48, 31, 40, 00, 8D, 45, 08, A3, 54, 31, 40...
 

Code size:
2.5 KB (2,560 bytes)

The file cloudcar.exe has been seen being distributed by the following 2 URLs.
