detran-notificacaonov2014.exe

The executable detran-notificacaonov2014.exe has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.sugarsync.com.
Description:
Hje M M.E

Version:
1.0.0.0

MD5:
e2fecafbefb5481251b1e639fd32f9f6

SHA-1:
8177c306b2c51e1ab28d1eb747f3dbc0b213753f

SHA-256:
6f5136bb5823f9b840c45070a3b4774c2eedabd9a54d98584ae70d5f3c339ded

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
4/24/2024 7:59:33 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.Banload | 2014.11.18 |
| Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.141120 |
| Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.2917 |
| Malwarebytes | Spyware.Password | v2014.11.20.12 |
| McAfee | Artemis!E2FECAFBEFB5 | 5600.6940 |
| Norman | Downloader | 11.20141120 |
| Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1015 |
| Trend Micro House Call | Suspicious_GEN.F47V1117 | 7.2.324 |

File size:
1.1 MB (1,196,544 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Hebrew (Israel)

Common path:
C:\users\{user}\downloads\detran-notificacaonov2014.exe

File PE Metadata
Compilation timestamp:
11/17/2014 1:05:06 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:fMrQV8NptJzjrED4IoxKGJVKzKBroTezje9u4FlFepNl0VGO:f0osxzsD4IcJIzKBroRFlkpNAG

Entry address:
0xF0C54

Entry point:
55, 8B, EC, B9, 06, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 94, C5, 25, 7F, E8, 38, CD, F1, FF, 33, C0, 55, 68, ED, 0D, 26, 7F, 64, FF, 30, 64, 89, 20, E8, 1D, B2, FF, FF, 6A, 02, E8, 1A, DA, F1, FF, B8, 60, A0, 26, 7F, E8, 78, 95, F3, FF, 8D, 4D, EC, B2, 01, E8, 56, C9, F2, FF, 8B, 55, EC, B8, 64, A0, 26, 7F, E8, 79, 84, F1, FF, A1, 64, A0, 26, 7F, BA, 08, 0E, 26, 7F, E8, 36, 8F, F1, FF, 75, 07, 6A, 00, E8, E5, D7, F1, FF, 68, 20, 4E, 00, 00, E8, AF, 35, F3, FF, 68, 14, 0E, 26, 7F, 6A, FF...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
959.5 KB (982,528 bytes)

The file detran-notificacaonov2014.exe has been seen being distributed by the following URL.
