fastloader.exe

Chromium

Aksis Bilişim Teknolojileri Bilgi İşlem ve İletişim Tic. Ltd. Şti.

The executable fastloader.exe has been detected as malware by 20 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from fastloadder.googlecode.com.
Product:
Chromium

Version:
1.03.0003

MD5:
af7b730d97a886f1f631d226ff6a2ba9

SHA-1:
628b93fe200126bef083fb5033e0658ee3ecccf6

SHA-256:
cdb70d1816fd7791c5dd704fb20f62d325094b4e2bbe9853189d8a295ce7bf9b

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
4/26/2024 6:17:02 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1645372 | 977
Avira AntiVirus | TR/Dropper.Gen7 | 7.11.149.220
AVG | Luhe.Fiha.A | 2015.0.3455
Bitdefender | Trojan.GenericKD.1645372 | 1.0.20.765
Emsisoft Anti-Malware | Trojan.GenericKD.1645372 | 8.14.06.02.02
ESET NOD32 | JS/ExtenBro.FBook.AS | 8.9805
Fortinet FortiGate | W32/Antavmu.ABFE!tr | 6/2/2014
F-Secure | Trojan:W32/Kilim.P | 11.2014-02-06_2
G Data | Trojan.GenericKD.1645372 | 14.6.24
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0
Kaspersky | Trojan.Win32.Antavmu | 14.0.0.3772
McAfee | RDN/PWS-Banker!df | 5600.7111
Microsoft Security Essentials | Trojan:Win32/Kilim.G | 1.10502
MicroWorld eScan | Trojan.GenericKD.1645372 | 15.0.0.459
nProtect | Trojan.GenericKD.1645372 | 14.05.15.01
Qihoo 360 Security | Win32/Trojan.Dropper.fae | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_DADOBRA.VTY | 7.2.153
Trend Micro | TROJ_DADOBRA.VTY | 10.465.02
VIPRE Antivirus | Trojan.Win32.Generic | 29246

File size:
547.5 KB (560,672 bytes)

Product version:
1.03.0003

Original file name:
chromium.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\fastloader.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
4/7/2014 3:00:00 AM

Valid to:
6/14/2017 3:00:00 PM

Subject:
CN=Aksis Bilişim Teknolojileri Bilgi İşlem ve İletişim Tic. Ltd. Şti., O=Aksis Bilişim Teknolojileri Bilgi İşlem ve İletişim Tic. Ltd. Şti., L=Ümraniye, S=Istanbul, C=TR

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
03EDF0A4162316E93034A1C850F75A7C

File PE Metadata
Compilation timestamp:
4/8/2014 1:53:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:yVdIxsYTn2A0Rd8ct6R/ObTsKgEmtbVB4ZK:Qd9YzVcE2VgxB4o

Entry address:
0x2740

Entry point:
68, 74, 1C, 41, 00, E8, EE, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, BF, EB, 69, 59, BD, 82, 6E, 45, 85, BC, 9A, 76, E7, 32, A9, 48, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 44, 00, 86, 50, 82, 01, 43, 68, 72, 6F, 6D, 69, 75, 6D, 00, 00, 00, 00, F4, B3, A0, 00, 00, 00, 00, 00, B0, B3, A0, 00, B8, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 07, 00, 00, 00, EE, E6, D2, 0E, D0, 69, D5, 4D, B9, 65, C2, DA, 42, 81, C6, A0, 01, 00, 00, 00, 98, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
468 KB (479,232 bytes)

The file fastloader.exe has been seen being distributed by the following URL.
