icloud remover 1.0.exe

Slwestr

The executable icloud remover 1.0.exe has been detected as malware by 31 of 68 anti-virus scanners. It is described as a setup program, but its version resource is a placeholder (publisher, product, copyright and trademark are all "Slwestr" and the original file name is STUB.exe), the entry-point bytes and entropy in the PE metadata below indicate a packed image, and the detection names (VBInject, PSW.Ruftar, Injector, InfoStealer, PassView) point to a Visual Basic injector/password stealer rather than an installer. The file has been seen being downloaded from w459883.blob2.ge.tt and multiple other hosts.
Publisher:
Slwestr

Product:
Slwestr

Version:
4.04.0004

MD5:
50b33161dfdaa32049f3c3c107db2d30

SHA-1:
b72736753b7d99e7073052542fee84758f2f155b

SHA-256:
67792ce6f4edf07c324f314e5d1be3681dcbb5cbec97de53ecf0ba99429965d6

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/25/2024 5:50:50 PM UTC (note that the engine versions in the detection table date from around 5 February 2014, so the verdicts reflect signatures from that time rather than from the date shown)

Scan engine                   Detection                                   Engine version
Lavasoft Ad-Aware             Gen:Variant.Barys.1813                      1094
Agnitum Outpost               Trojan.PWS.Ruftar                           7.1.1
Avira AntiVirus               TR/Crypt.XPACK.Gen                          7.11.127.248
avast!                        Win32:Malware-gen                           2014.9-140205
AVG                           Inject                                      2015.0.3572
Baidu Antivirus               Trojan.Win32.InfoStealer                    4.0.3.1425
Bitdefender                   Gen:Variant.Barys.1813                      1.0.20.180
Comodo Security               TrojWare.Win32.Injector.ADKK                17695
Dr.Web                        Trojan.DownLoader9.7798                     9.0.1.036
Emsisoft Anti-Malware         Gen:Variant.Barys.1813                      8.14.02.05.09
ESET NOD32                    Win32/PSW.VB.NIS (variant)                  8.9355
Fortinet FortiGate            W32/VBObfus.C!tr                            2/5/2014
F-Secure                      Trojan:W32/VBinject.Y                       11.2014-05-02_4
G Data                        Gen:Variant.Barys.1813                      14.2.24
IKARUS anti.virus             Virus.Win32.VBInject                        t3scan.2.2.29
K7 AntiVirus                  EmailWorm                                   13.175.11003
Kaspersky                     Trojan-PSW.Win32.Ruftar                     14.0.0.4355
McAfee                        Artemis!50B33161DFDA                        5600.7228
Microsoft Security Essentials VirTool:Win32/VBInject.gen!BP               1.165.247.01
MicroWorld eScan              Gen:Variant.Barys.1813                      15.0.0.108
NANO AntiVirus                Riskware.Win32.PassView.bxojwa              0.28.0.57473
Norman                        Troj_Generic.RWASY                          11.20140205
Panda Antivirus               Trj/CI.A                                    14.02.05.09
Qihoo 360 Security            Win32/Trojan.68c                            1.0.0.1015
Quick Heal                    Trojan.VBInject                             2.14.12.00
Rising Antivirus              PE:Trojan.Win32.Generic.16434F18!373509912  23.00.65.14203
Sophos                        Mal/VB-FD                                   4.97
Trend Micro House Call        TROJ_GEN.F0C2C00A414                        7.2.36
Trend Micro                   TROJ_GEN.F0C2C00A414                        10.465.05
Vba32 AntiVirus               Malware-Cryptor.VB.gen.1                    3.12.24.3
VIPRE Antivirus               Trojan.Win32.Generic                        25946

File size:
205.5 KB (210,432 bytes)

Product version:
4.04.0004

Copyright:
Slwestr

Trademarks:
Slwestr

Original file name:
STUB.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\icloud remover 1.0.exe

File PE Metadata
Compilation timestamp:
7/16/2013 9:47:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:TkLdUFkspmmZICwCV3Xp1o1FmKZ0lmyR0sf4b2A4GhoS:RNmmZwEXp1o1FmgYmc0sAbBxoS

Entry address:
0x41FE0

Entry point:
60, BE, 00, 10, 41, 00, 8D, BE, 00, 00, FF, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 72, F2, 03, 00, 57, 83, C3, 04, 53, 68, D8, 0F, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
The leading sequence (pushad; mov esi, src; lea edi, [esi+delta]; push edi; mov ebp, esp; lea ebx, [esp-N]; then a loop pushing zeros until esp reaches ebx) is the prologue of the UPX decompression stub in its LZMA variant, which agrees with the entropy reading below.

Entropy:
7.9426 out of a maximum of 8.0 (probably packed)

Code size:
200 KB (204,800 bytes)
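The script below is an added example, not code from Reason Core Security or from this page. It reproduces, with the Python standard library only, the checks behind the hash, entropy and PE metadata fields above: it hashes a local file and compares the digests with the MD5/SHA-1/SHA-256 listed, computes Shannon entropy, parses the PE32 headers for the compilation timestamp, linker version, OS version, subsystem and entry-point RVA, maps that RVA through the section table to read the entry-point bytes, and tests them against a UPX stub prefix. The function names, the UPX_STUB_PATTERN (derived by this example from the entry-point bytes listed above, with image-specific operands wildcarded) and build_sample_pe(), which constructs a stand-in PE with the report's header values so the script runs without the real sample, are all this example's own assumptions.

```python
"""Offline triage of a Win32 PE against the indicators on this page.
Added example, not Reason Core Security's code; standard library only. It hashes
a file and compares it with the MD5/SHA-1/SHA-256 above, computes Shannon entropy
(the basis of the "probably packed" flag) and parses the PE headers for the fields
the report lists. build_sample_pe() is a constructed stand-in for the real sample."""
import hashlib
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone

REPORT_IOCS = {  # copied from the report above
    "md5": "50b33161dfdaa32049f3c3c107db2d30",
    "sha1": "b72736753b7d99e7073052542fee84758f2f155b",
    "sha256": "67792ce6f4edf07c324f314e5d1be3681dcbb5cbec97de53ecf0ba99429965d6",
}
REPORT_ENTRY_BYTES = bytes.fromhex(  # first 32 entry-point bytes from the report
    "60BE001041008DBE0000FFFF5789E58D9C2480C1FFFF31C05039DC75FB464653")
# Prologue of the UPX unpacking stub: PUSHAD; MOV ESI,src; LEA EDI,[ESI+delta];
# PUSH EDI; MOV EBP,ESP; LEA EBX,[ESP-n]; XOR EAX,EAX; PUSH EAX; CMP ESP,EBX; JNZ.
# None marks an image-specific operand byte and matches anything (this example's own pattern).
UPX_STUB_PATTERN = [0x60, 0xBE, None, None, None, None, 0x8D, 0xBE, None, None, None, None,
                    0x57, 0x89, 0xE5, 0x8D, 0x9C, 0x24, None, None, None, None,
                    0x31, 0xC0, 0x50, 0x39, 0xDC, 0x75, 0xFB]
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

def file_hashes(data):
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def matches_report(data):
    """True only if all three digests equal the ones listed on this page."""
    return file_hashes(data) == REPORT_IOCS

def shannon_entropy(data):
    """Bits per byte, 0.0..8.0; values near 8 suggest packed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_pe(data):
    """Minimal PE32 header parser covering the fields shown in the report."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew: offset of the PE signature
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)  # COFF header
    opt = pe + 24  # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    raw = [struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i) for i in range(nsec)]
    return {"timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "linker_version": f"{lnk_major}.{lnk_minor}", "os_version": f"{os_major}.{os_minor}",
            "subsystem": SUBSYSTEMS.get(struct.unpack_from("<H", data, opt + 68)[0], "unknown"),
            "entry_rva": struct.unpack_from("<I", data, opt + 16)[0],
            # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
            "sections": [(n.rstrip(b"\0").decode("ascii", "replace"), vs, va, rs, rp)
                         for n, vs, va, rs, rp in raw]}

def entry_bytes(data, pe, n=32):
    """Map the entry RVA to a file offset through the section table and read n bytes."""
    rva = pe["entry_rva"]
    for _, vsize, va, rawsize, rawptr in pe["sections"]:
        if va <= rva < va + max(vsize, rawsize):
            return data[rva - va + rawptr:rva - va + rawptr + n]
    return b""  # entry point outside every section: itself a red flag

def looks_like_upx_stub(entry):
    return len(entry) >= len(UPX_STUB_PATTERN) and all(
        p is None or p == b for p, b in zip(UPX_STUB_PATTERN, entry))

def build_sample_pe(entry_code, timestamp=1373968059):
    """Constructed one-section PE32 (NOT the real sample); 1373968059 = 2013-07-16 09:47:39 UTC."""
    opt = bytearray(0xE0)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 6, 0, 0x200)  # PE32 magic, linker 6.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x1000)                # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)              # ImageBase
    struct.pack_into("<HH", opt, 40, 4, 0)                 # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                     # Subsystem 2 = Windows GUI
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, len(opt), 0x010F)
    sect = struct.pack("<8sIIII", b"UPX1", 0x1000, 0x1000, 0x200, 0x400).ljust(40, b"\0")
    mz = bytearray(0x80)
    mz[:2], mz[0x3C:0x40] = b"MZ", struct.pack("<I", 0x80)
    headers = (bytes(mz) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x400, b"\0")
    return headers + entry_code.ljust(0x200, b"\0")

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(REPORT_ENTRY_BYTES)
    info = parse_pe(blob)
    ep = entry_bytes(blob, info)
    print(file_hashes(blob), "matches report:", matches_report(blob))
    print("entropy:", round(shannon_entropy(blob), 4), info)
    print("entry bytes:", ep.hex(), "UPX stub:", looks_like_upx_stub(ep))
```

Run it as `python triage.py <file>` against a quarantined copy of the sample; with no argument it analyses the constructed stand-in, which reproduces the linker version, OS version, subsystem, timestamp and entry-point bytes of the report but not its hashes or entropy. A wildcard pattern match on the entry point is a cheap hint, not proof of the packer; the timestamp is parsed as UTC because the report prints it without a time zone.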

The file icloud remover 1.0.exe has been seen being distributed by the following 7 URLs.

Remove icloud remover 1.0.exe - Powered by Reason Core Security