formulario candidatos 2016.pdf.exe

The executable formulario candidatos 2016.pdf.exe has been detected as malware by 14 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from goo.gl.
MD5:
4da29791675f4aafe15d265ae025a9bf

SHA-1:
b6bf11dd88ec5f5748a44dd88b5c408dbac62580

SHA-256:
10f4fb8fcae947b984bd571104aa9bb18ad101843543a37881d5d8250b5a50fd

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
4/18/2024 4:07:08 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Zusy.199548 | 185 |
| Avira AntiVirus | TR/Downloader.icqg | 8.3.3.4 |
| Arcabit | Trojan.Zusy.D30B7C | 1.0.0.741 |
| avast! | Win32:Trojan-gen | 2014.9-160802 |
| AVG | Downloader.Banload2 | 2017.0.2663 |
| Bitdefender | Gen:Variant.Zusy.199548 | 1.0.20.1075 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.199548 | 8.16.08.02.05 |
| ESET NOD32 | Win32/TrojanDownloader.Banload.XKU (variant) | 10.13814 |
| F-Secure | Gen:Variant.Zusy.199548 | 11.2016-02-08_3 |
| G Data | Gen:Variant.Zusy.199548 | 16.8.25 |
| McAfee | Artemis!4DA29791675F | 5600.6319 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Banload | 1.1.12902.0 |
| MicroWorld eScan | Gen:Variant.Zusy.199548 | 17.0.0.645 |
| Trend Micro | TROJ_GEN.R00XC0DGG16 | 10.465.02 |

File size:
952 KB (974,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\formulario candidatos 2016.pdf.exe

File PE Metadata
Compilation timestamp:
7/13/2016 7:29:21 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:faO3NYYn1PXp7tgq1yK6orAmdQOeGMBWJ2hmYMHgcUZOfT:SOx1fp7tgqknCAm6OJ2huAcOA

Entry address:
0x1000

Entry point:
B8, B4, AE, 79, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 13, 5F, AC, 93, F6, DA, 0E, 49, B8, 88, 70, B9, 7F, 02, E4, D4, E7, A3, 09, EC, C0, 98, A1, 5C, B1, A8, F6, E3, C3, 31, 09, CF, 1F, C1, 4E, AB, B4, 5C, ED, 5C, 9F, 7F, 67, 31, 46, 42, 2A, F2, AE, C0, 51, E7, 04, 3B, B8, 82, D5, 97, 37, 7C, 93, 78, 0D, 1B, 57, 90, E9, A5, 95, D9, 44, 96, 60, DD, 40, F4, C1, F9, 67, 8C, 66, A6, EB, 35, FD, 1D, 17, 29, D6, 74, 16, EA, 22...
 

Packer / compiler:
PECompact v2

Code size:
3.1 MB (3,204,608 bytes)

The file formulario candidatos 2016.pdf.exe has been seen being distributed by the following URL.
