intimacao-mpf.exe

FlashPlayer

The executable intimacao-mpf.exe has been detected as malware by 27 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from seguro2.sitebr.net.

Product:
FlashPlayer

Description:
Adobe

Version:
1.0.0.0

MD5:
0ab50b2f773ba4d545ebaa1253fc1a6d

SHA-1:
08edb5f334ae8368113b2ee28d39da37a2a9d469

SHA-256:
906c9ee4c2bc7f865e5a432fe7dbfe4d1a32543d11d804de5fe7a6409a68b0a1

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
8/16/2025 11:35:19 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Zusy.139133 | 645
AhnLab V3 Security | Spyware/Win32.Limitail | 2015.05.01
avast! | Win32:GenMaliciousA-SEY [Trj] | 2014.9-150501
AVG | Downloader.MSIL | 2016.0.3123
Baidu Antivirus | Trojan.MSIL.Banload | 4.0.3.1551
Bitdefender | Gen:Variant.Zusy.139133 | 1.0.20.605
Comodo Security | UnclassifiedMalware | 21953
Dr.Web | Trojan.DownLoader13.4591 | 9.0.1.0121
Emsisoft Anti-Malware | Gen:Variant.Zusy.139133 | 8.15.05.01.06
ESET NOD32 | MSIL/TrojanDownloader.Banload.DD (variant) | 9.11560
Fortinet FortiGate | MSIL/Banload.DD!tr.dldr | 5/1/2015
F-Secure | Gen:Variant.Zusy.139133 | 11.2015-01-05_6
G Data | Gen:Variant.Zusy.139133 | 15.5.25
IKARUS anti.virus | Trojan-Downloader.MSIL.Banload | t3scan.1.8.9.0
K7 AntiVirus | Trojan-Downloader | 13.203.15767
Kaspersky | Trojan-Downloader.MSIL.Banload | 14.0.0.2109
McAfee | Trojan-FGGO!0AB50B2F773B | 5600.6779
Microsoft Security Essentials | TrojanDownloader:MSIL/Banload | 1.1.11602.0
MicroWorld eScan | Gen:Variant.Zusy.139133 | 16.0.0.363
Norman | Troj_Generic_2.FERM | 11.20150501
Panda Antivirus | Trj/CI.A | 15.05.01.06
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015
Sophos | Mal/MSIL-OF | 4.98
Trend Micro House Call | TROJ_GEN.R0E9C0DDT15 | 7.2.121
Trend Micro | TROJ_GEN.R0E9C0DDT15 | 10.465.01
VIPRE Antivirus | Trojan.Win32.Generic | 39840
ViRobot | Trojan.Win32.S.Agent.251904.BJ[h] | 2014.3.20.0

File size:
246 KB (251,904 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
Branco.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\intimacao-mpf.exe

File PE Metadata
Compilation timestamp:
4/27/2015 7:27:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:QzJ+lM+sEvWfROJLhfJpreQ00ws/R3b/rz3qh7E+qZd97cyfHSeH8w1OF1Wz5Wc:nWROJNhpeBUDnqqf94yp8wYFk5Wc

Entry address:
0x2DE3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
176 KB (180,224 bytes)

The file intimacao-mpf.exe has been seen being distributed by the following URL.
