faturacaixa.rar.exe

The executable faturacaixa.rar.exe has been detected as malware by 23 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from fd7072243b76f704202d4af5fdc56757.renovacaofatura.com.

Publisher: Artpointsof
Product: antman32
Version: 1.00
MD5: 82e5357a2c323c8040e0f7f99d5e799b
SHA-1: 2c89e547c99cebecc2428b74f78268a7aea2fc74
SHA-256: ec7d22b0f8b923ad539d16fe80fdc3e6058e2c84591dfbc5bdc5dd64e529d580
Scanner detections: 23 / 68
Status: Malware
Analysis date: 5/17/2025 2:34:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.16724 | 478 |
| Avira AntiVirus | TR/VB.Downloader.Gen | 8.3.1.6 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-151014 |
| AVG | Generic36 | 2016.0.2956 |
| Baidu Antivirus | Trojan.Win32.Downloader | 4.0.3.151014 |
| Bitdefender | Gen:Variant.Kazy.16724 | 1.0.20.1435 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.16724 | 8.15.10.14.09 |
| ESET NOD32 | probably unknown NewHeur_PE | 9.11638 |
| Fortinet FortiGate | W32/VB.ZIL!tr.dldr | 10/14/2015 |
| F-Prot | W32/VBTrojan.17D1 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Kazy.16724 | 11.2015-14-10_4 |
| G Data | Gen:Variant.Kazy.16724 | 15.10.25 |
| Kaspersky | Trojan-Downloader.Win32.Genome | 14.0.0.1276 |
| Malwarebytes | Trojan.Agent.CV | v2015.10.15.03 |
| McAfee | Artemis!82E5357A2C32 | 5600.6612 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Banload.BBP | 1.1.11903.0 |
| MicroWorld eScan | Gen:Variant.Kazy.16724 | 16.0.0.861 |
| Panda Antivirus | Trj/CI.A | 15.10.14.09 |
| Qihoo 360 Security | Win32/Trojan.162 | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.10.15.11 |
| Sophos | Troj/VB-IQN | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047B01EG15 | 7.2.287 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 40300 |

File size: 40 KB (40,960 bytes)
Product version: 1.00
Original file name: antman32.exe
File type: Executable application (Win32 EXE)
Language: Brazilian Portuguese
Common path: C:\users\{user}\downloads\faturacaixa.rar.exe

File PE Metadata
Compilation timestamp: 5/15/2015 9:10:55 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 768:OXkE1SchQvixvlSyFN615VnJrM9YM6Vq86c5QH:CxzhQvixvlSyFN6D5JrSZ6c86mQH
Entry address: 0x12FC

Entry point:
68, 80, 14, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, A8, A2, AD, 45, C1, 7E, F5, 48, AD, A7, 98, 9A, 56, AF, B8, 37, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 56, 62, 61, 6E, 74, 6D, 61, 6E, 33, 32, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 01, 8F, 64, CD, 56, 25, 78, 32, 40, AB, 4A, BC, 51, FC, EB, 87, F5, 60, 4B, 32, A0, AA, A6, 1D, 4D, A7, B9, B2, 30, 77, AD, D0, BE, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with: Microsoft Visual Basic v5.0
Code size: 20 KB (20,480 bytes)

The file faturacaixa.rar.exe has been seen being distributed by the following URL.
