home

igbpcefwr.exe

Instalação do Módulo Adicional de Segurança CAIXA

Caixa Economica Federal

The executable igbpcefwr.exe has been detected as malware by 14 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from imagem.caixa.gov.br.
Publisher:
CAIXA  (signed by Caixa Economica Federal)

Product:
Instalação do Módulo Adicional de Segurança CAIXA

Version:
1,5,1,1

MD5:
977a338f022b02d7b48ee802fc1f5489

SHA-1:
73fcbaa134f6f811992b40fdf8d1f776e1abe308

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
5/10/2024 3:28:06 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.SlugIn.A
5813571

avast!
Win32:Patched-JI
160119-0

AVG
Win32/Slugin.A
2015.0.4489

Clam AntiVirus
Trojan.Spy-59563
0.98/21318

Dr.Web
Win32.Wplugin.2
9.0.1.05190

Emsisoft Anti-Malware
Win32.SlugIn
10.0.0.5366

ESET NOD32
Win32/Slugin.A virus
7.0.302.0

F-Prot
W32/Slugin.B
4.6.5.141

Kaspersky
Virus.Win32.Slugin
15.0.0.562

McAfee
Virus.W32/Wplugin
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.4860.0

Norman
Win32.SlugIn.A
03.12.2014 13:20:04

Sophos
Virus 'W32/Slugin-A'
5.22

VIPRE Antivirus
Threat.4314870
46794

File size:
2.6 MB (2,759,819 bytes)

Product version:
1,5,1,1

Copyright:
Copyright © 2015, CAIXA

Original file name:
GBPCEF

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\documents and settings\balcao\meus documentos\downloads\igbpcefwr.exe

Digital Signature
Signed by:
Caixa Economica Federal

Authority:
GlobalSign nv-sa

Valid from:
7/9/2015 4:53:53 PM

Valid to:
7/9/2018 4:53:53 PM

Subject:
E=grist@caixa.gov.br, CN=Caixa Economica Federal, O=Caixa Economica Federal, L=Brasilia, S=Distrito Federal, C=BR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D0E6A0DE2EA4B9AF64B9F1517CB0695C

File PE Metadata
Compilation timestamp:
8/7/2015 6:58:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:FxvF3KKaaX4wE1Sy9EBTOTt5UREfkmHpQzc:X9xaB1JpQA

Entry address:
0x12D102

Entry point:
60, E8, 00, 00, 00, 00, 5B, 81, EB, D0, 48, 55, 02, 83, EC, 74, 8B, EC, 8B, 83, AB, 4B, 55, 02, 89, 45, 00, 8B, 83, B3, 4B, 55, 02, 03, 45, 00, 89, 45, 2C, 8B, 83, B7, 4B, 55, 02, 03, 45, 00, 89, 45, 30, C7, 45, 14, 00, 00, 00, 00, C7, 45, 18, 00, 00, 00, 00, C7, 45, 1C, 00, 00, 00, 00, 8B, 45, 14, FF, 45, 14, 66, 33, C9, 8A, 8C, 03, FF, 4B, 55, 02, 84, C9, 74, 7A, 8B, 45, 1C, 66, 01, 4D, 1C, 03, C3, 05, 13, 4C, 55, 02, 50, 8B, 45, 2C, FF, 10, 85, C0, 0F, 84, 5E, 02, 00, 00, 89, 45, 10, 8B, 45, 1C, 03, C3...
 
[+]

Packer / compiler:
ASPack v1.08.04

Code size:
1.4 MB (1,491,968 bytes)

The file igbpcefwr.exe has been seen being distributed by the following URL.

https://imagem.caixa.gov.br/banner/.../iGBPCEFwr.exe

Remove igbpcefwr.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.