comunicadodebito_receitafederal_ghs44125.exe

The executable comunicadodebito_receitafederal_ghs44125.exe has been detected as malware by 27 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.prontogourmetnatal.com.br.
MD5:
6f3a1035fd87d5bfe729fbd3476ee826

SHA-1:
18836edd1332966a967478c2c5702b85d5d0798a

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
5/17/2025 12:11:13 PM UTC

Scan engine                    Detection                                     Engine version
Lavasoft Ad-Aware              Trojan.GenericKD.2282309                      262
Agnitum Outpost                Trojan.DL.Banload                             7.1.1
avast!                         Win32:Dropper-gen [Drp]                       2014.9-160518
AVG                            Downloader.Banload2                           2017.0.2740
Baidu Antivirus                Trojan.Win32.Banload                          4.0.3.16518
Bitdefender                    Trojan.GenericKD.2282309                      1.0.20.695
Emsisoft Anti-Malware          Trojan.GenericKD.2282309                      8.16.05.18.01
ESET NOD32                     Win32/TrojanDownloader.Banload.VND (variant)  10.11482
Fortinet FortiGate             W32/Banker.ABKH!tr.spy                        5/18/2016
F-Secure                       Trojan.GenericKD.2282309                      11.2016-18-05_4
G Data                         Trojan.GenericKD.2282309                      16.5.25
IKARUS anti.virus              Trojan-Downloader.Win32.Banload               t3scan.1.8.9.0
K7 AntiVirus                   Trojan-Downloader                             13.202.15614
Kaspersky                      Trojan-Downloader.Win32.Banload               14.0.0.195
Malwarebytes                   Trojan.Banker.IMGen                           v2016.05.18.01
McAfee                         RDN/PWS-Banker!dw                             5600.6396
Microsoft Security Essentials  TrojanDownloader:Win32/Banload.AZB            1.1.11502.0
MicroWorld eScan               Trojan.GenericKD.2282309                      17.0.0.417
NANO AntiVirus                 Trojan.Win32.Banload.dqhczc                   0.30.16.1110
Norman                         Banload.DEMC                                  11.20160518
nProtect                       Trojan.GenericKD.2282309                      15.04.16.01
Panda Antivirus                Trj/Genetic.gen                               16.05.18.01
Qihoo 360 Security             HEUR/QVM11.1.Malware.Gen                      1.0.0.1015
Sophos                         Mal/Generic-S                                 4.98
Trend Micro House Call         TROJ_GEN.R03AC0DDF15                          7.2.139
Trend Micro                    TROJ_GEN.R03AC0DDF15                          10.465.18
VIPRE Antivirus                Trojan.Win32.Generic                          39394

File size:
808 KB (827,392 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\rogerio\meus documentos\downloads\comunicadodebito_receitafederal_ghs44125.exe

File PE Metadata
Compilation timestamp:
4/7/2015 8:14:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:aAhsxwqURmhGu8zoNyjVs9n6X1+/QEPZdDnLuxicHA:a9xD8zpOl/JHSjA

Entry address:
0x2BF640

Entry point:
60, BE, 00, 70, 5F, 00, 8D, BE, 00, A0, E0, FF, C7, 87, 2C, AC, 25, 00, EE, 6A, 89, 50, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.22 (Delphi) stub

Code size:
804 KB (823,296 bytes)

The file comunicadodebito_receitafederal_ghs44125.exe has been seen being distributed by the following URL.

Powered by Reason Core Security