intimacao-mpf.exe

Outlook

The executable intimacao-mpf.exe has been detected as malware by 33 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from seguro2.sitebr.net.
Product:
Outlook

Version:
1.0.0.0

MD5:
26b43bf9e8326eafd135cd51417a276c

SHA-1:
a6c3087c8aaa8c8cd465f2a455c7f40f21ae8c6b

SHA-256:
3a98c5cfe6a541555036037dca48edee5e62ada54ad68cbebd6c5fae0975e7ab

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
8/17/2025 1:19:47 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2307963 | 283
Agnitum Outpost | Trojan.DL.Banload | 7.1.1
AhnLab V3 Security | Trojan/Win32.Agent | 2015.05.20
Avira AntiVirus | TR/Dldr.Agent.198144.28 | 8.3.1.6
avast! | MSIL:Banker-AD [Trj] | 2014.9-160426
AVG | Downloader.MSIL | 2017.0.2761
Baidu Antivirus | Trojan.MSIL.Banload | 4.0.3.16426
Bitdefender | Trojan.GenericKD.2307963 | 1.0.20.585
Comodo Security | UnclassifiedMalware | 22185
Emsisoft Anti-Malware | Trojan.GenericKD.2307963 | 8.16.04.26.12
ESET NOD32 | MSIL/TrojanDownloader.Banload.DD (variant) | 10.11654
Fortinet FortiGate | MSIL/Banload.DD!tr.dldr | 4/26/2016
F-Secure | Trojan.GenericKD.2307963 | 11.2016-26-04_3
G Data | Trojan.GenericKD.2307963 | 16.4.25
IKARUS anti.virus | Trojan-Downloader.MSIL.Banload | t3scan.1.8.9.0
K7 AntiVirus | Trojan-Downloader | 13.204.15968
Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.302
Malwarebytes | Trojan.Banker.ABR | v2016.04.26.12
McAfee | RDN/PWS-Banker!dx | 5600.6417
Microsoft Security Essentials | TrojanDownloader:MSIL/Banload | 1.1.11701.0
MicroWorld eScan | Trojan.GenericKD.2307963 | 17.0.0.351
NANO AntiVirus | Trojan.Win32.Agent.drbvae | 0.30.24.1357
Norman | Limitail.PDB | 11.20160426
nProtect | Trojan.GenericKD.2307963 | 15.05.20.01
Panda Antivirus | Trj/CI.A | 16.04.26.12
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015
Quick Heal | TrojanDownloader.Banload.r4 | 4.16.14.00
Sophos | Troj/MSIL-COV | 4.98
Trend Micro House Call | TROJ_GEN.R02KC0EDQ15 | 7.2.117
Trend Micro | TROJ_GEN.R02KC0EDQ15 | 10.465.26
Vba32 AntiVirus | TrojanDownloader.MSIL.Agent | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 40400
Zillya! Antivirus | Downloader.Banload.Win32.62041 | 2.0.0.2185

File size:
193.5 KB (198,144 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
Power.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\intimacao-mpf.exe

File PE Metadata
Compilation timestamp:
4/18/2015 9:09:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:+zJ+lM+sEvWfROJLhfJpreQ00ws/R3b/rz3qhiUF2iDcGC9YFT8U:9WROJNhpeBUDnq/FPW9eAU

Entry address:
0x2E00E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
176.5 KB (180,736 bytes)

The file intimacao-mpf.exe has been seen being distributed by the following URL.
