e8a2becf47d5208a892136346aeded28.exe

SAPO

The executable e8a2becf47d5208a892136346aeded28.exe has been detected as malware by 29 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from docs.google.com.
Publisher:
SAPO  (signed and verified)

Version:
17.0.0.188

MD5:
e8a2becf47d5208a892136346aeded28

SHA-1:
78e3a4cfe0c47c4b595abf67c39af52ee94771a5

SHA-256:
d41bdd851535b8d33074e67c60bb0e5dd5bfdb3edf9e03989f24ac1e59292f11

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
5/17/2025 3:56:30 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.2487704 | 536 |
| Agnitum Outpost | Trojan.DL.Banload | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Banload | 2015.08.11 |
| Avira AntiVirus | TR/Dldr.Agent.452240 | 8.3.1.6 |
| Arcabit | Trojan.Generic.D25F598 | 1.0.0.425 |
| AVG | Downloader.MSIL | 2016.0.3014 |
| Baidu Antivirus | Trojan.MSIL.Banload | 4.0.3.15818 |
| Bitdefender | Trojan.GenericKD.2487704 | 1.0.20.1150 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2487704 | 8.15.08.18.02 |
| ESET NOD32 | MSIL/TrojanDownloader.Banload.DW | 9.12075 |
| Fortinet FortiGate | W32/Banload.BUC!tr.dldr | 8/18/2015 |
| F-Prot | W32/Trojan2.OVIG | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKD.2487704 | 11.2015-18-08_3 |
| G Data | Trojan.GenericKD.2487704 | 15.8.25 |
| IKARUS anti.virus | Trojan-Downloader.MSIL.Banload | t3scan.1.9.5.0 |
| K7 AntiVirus | Riskware | 13.207.16845 |
| Kaspersky | Trojan-Downloader.MSIL.Banload | 14.0.0.1564 |
| McAfee | Artemis!E8A2BECF47D5 | 5600.6670 |
| Microsoft Security Essentials | TrojanDownloader:MSIL/Banload | 1.1.11903.0 |
| MicroWorld eScan | Trojan.GenericKD.2487704 | 16.0.0.690 |
| NANO AntiVirus | Trojan.Win32.Banload.dszmsq | 0.30.24.3079 |
| nProtect | Trojan.GenericKD.2487704 | 15.08.11.01 |
| Panda Antivirus | Trj/Agent.IVN | 15.08.18.02 |
| Quick Heal | TrojanDownloader.MSIL.rw3 | 8.15.14.00 |
| Sophos | Mal/Generic-L | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/GenericKD | 9685 |
| Trend Micro | TROJ_GEN.R01TC0DFN15 | 10.465.18 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42790 |
| Zillya! Antivirus | Downloader.Banload.Win32.65227 | 2.0.0.2346 |

File size:
441.6 KB (452,240 bytes)

Product version:
17.0.0.188

Original file name:
ZIPLoader.exe

File type:
Executable application (Win64 EXE)

Digital Signature
Signed by:

Authority:
SAPO

Valid from:
6/6/2015 1:08:35 AM

Valid to:
6/6/2016 1:08:35 AM

Subject:
E=cmd@sapo.pt, CN=SAPO.PT, OU=SAPO Division of Protocol, O=SAPO, L=Opalo, S=Jobila, C=AS

Issuer:
E=cmd@sapo.pt, CN=SAPO.PT, OU=SAPO Division of Protocol, O=SAPO, L=Opalo, S=Jobila, C=AS

Serial number:
00A7AB2CD21ECC7345

File PE Metadata
Compilation timestamp:
6/12/2015 1:23:51 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:k+NXkLjyHqHebaRyhLcLO8sFpcc9kZb5ZYk6WcSCSLeyYcEeI/KQ73WmiaDrxJg0:k6OrebJcLO5n9kZVXaJgLmbTz3yTW

Entry address:
0x44F0E

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.8698

Code size:
268 KB (274,432 bytes)

The file e8a2becf47d5208a892136346aeded28.exe has been seen distributed from the following URL.

https://docs.google.com/uc?authuser=0&id=0B_NWrvhUFHQzbWo3cHNWOTJNNk0&export=download
