dwn.exe

The executable dwn.exe has been detected as malware by 7 anti-virus scanners. The file has been seen being downloaded from b-fifa.ru.
MD5:
890c16ac460bc682ab7984846d23d7bb

SHA-1:
d430fda50d1d8672c7f38fc48b24ddb943d2371e

SHA-256:
b728673b0603b468a822ab6a24e9ec1aa1231bb9922661e991941a66ad615646

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/25/2024 6:24:32 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Bitdefender | Trojan.GenericKD.1205833 | 1.0.20.1180 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1205833 | 8.13.08.24.01 |
| ESET NOD32 | Win32/Kryptik.BIQS (variant) | 7.8722 |
| G Data | Trojan.GenericKD.1205833 | 13.8.22 |
| Kaspersky | Trojan.Win32.Inject | 14.0.0.3773 |
| MicroWorld eScan | Trojan.GenericKD.1205833 | 14.0.0.708 |
| Sophos | Mal/Generic-S | 4.91 |

File size:
388.4 KB (397,683 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\dwn.exe

File PE Metadata
OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.25

CTPH (ssdeep):
3072:2y+qSSsE+PP9WwutFr55tGKTwz2PS8SL2ltiUHtU78VoWrOD8FtBY4wT7Aq84x2Z:n+pSshP9WwutJczoFSL2PhNXVxhYplW

Entry address:
0x1000

Entry point:
E9, FB, 1F, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.4988

Packer / compiler:
Xtreme-Protector v1.05

Code size:
512 Bytes (512 bytes)

The file dwn.exe has been seen being distributed by the following URL.
