infracao_transito_39288344.exe

GdTumfTQ

Dinosaur

The executable infracao_transito_39288344.exe has been detected as malware by 29 anti-virus scanners. It is a setup program used to install the application. The file has been seen downloaded from storage.googleapis.com.
Publisher:
Dinosaur  (signed and verified)

Product:
GdTumfTQ

Version:
3.0.0.0

MD5:
6b58e6c03bd6f43c5f779dda574b077c

SHA-1:
4596fe15162c63cabae0ff843f53d40b9bb9ce6d

SHA-256:
75e64425f57316b74d16eeee4791a960a1eb11d9cbb29b091fc68c1ab559d2a1

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
5/16/2024 3:07:44 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.2256294 | 613 |
| Avira AntiVirus | TR/Dldr.Waski.528408 | 3.6.1.96 |
| avast! | Win32:Broban-AR [Trj] | 2014.9-150601 |
| AVG | PSW.MSIL | 2016.0.3091 |
| Baidu Antivirus | Trojan.Win32.Banker | 4.0.3.1561 |
| Bitdefender | Trojan.GenericKD.2256294 | 1.0.20.760 |
| Comodo Security | UnclassifiedMalware | 21884 |
| Dr.Web | Trojan.DownLoader12.50721 | 9.0.1.0152 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2256294 | 8.15.06.01.08 |
| ESET NOD32 | MSIL/Kryptik.BPM (variant) | 9.11530 |
| Fortinet FortiGate | Generik.HCPCCHG!tr | 6/1/2015 |
| F-Secure | Trojan.GenericKD.2256294 | 11.2015-01-06_2 |
| G Data | Trojan.GenericKD.2256294 | 15.6.25 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.203.15707 |
| Kaspersky | Trojan-Banker.MSIL.Agent | 14.0.0.1951 |
| McAfee | RDN/PWS-Banker!dw | 5600.6747 |
| MicroWorld eScan | Trojan.GenericKD.2256294 | 16.0.0.456 |
| NANO AntiVirus | Trojan.Win32.DownLoader12.dpwcou | 0.30.20.1219 |
| Norman | Suspicious_Gen4.IEGST | 11.20150601 |
| nProtect | Trojan.GenericKD.2256294 | 15.04.24.01 |
| Panda Antivirus | Trj/CI.A | 15.06.01.08 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Quick Heal | TrojanBanker.MSIL.r3 | 6.15.14.00 |
| Sophos | Troj/MSIL-CGR | 4.98 |
| Trend Micro House Call | TROJ_GEN.F0C2C00DI15 | 7.2.152 |
| Trend Micro | TROJ_GEN.F0C2C00DI15 | 10.465.01 |
| Vba32 AntiVirus | TrojanBanker.MSIL.Agent | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 39658 |

File size:
516 KB (528,408 bytes)

Product version:
3.0.0.0

Copyright:
Copyright GdTumfTQ © 2015

Original file name:
GdTumfTQ.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\infracao_transito_39288344.exe

Digital Signature
Signed by:

Authority:
getaCert - www.getacert.com

Valid from:
3/15/2015 7:51:03 PM

Valid to:
5/14/2015 7:51:03 PM

Subject:
E=T.Rex@gmail.com, CN=Dinosaur, OU=Dinosaur CEO, O=Dinosaur, L=Pandora, S=Pandora, C=GB

Issuer:
O=getaCert - www.getacert.com, L=Seattle, S=Washington, C=US

Serial number:
0CF5

File PE Metadata
Compilation timestamp:
3/25/2015 4:29:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:RlWRhSSqaGlWoNnl9TLGQY+eOyC38FARKoA+wUGlazJdKc+Wz:RlWWSqaq5TLpKEz

Entry address:
0x79EFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
480 KB (491,520 bytes)

The file infracao_transito_39288344.exe has been seen being distributed by the following URL.
