LD-Scan.exe

Z-Analyse

Smeenk

The executable LD-Scan.exe, “Analysing Tool - Linha Defensiva Forum”, has been detected as malware by 19 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from hijackthis.nl.
Publisher: Smeenk
Product: Z-Analyse
Description: Analysing Tool - Linha Defensiva Forum
Version: 1,0,0,2
MD5: 883b91d528592b9f225747722b22c729
SHA-1: 60401846f086b5791463b8f663025e0526257ea3
SHA-256: 6301b6948878fc99841ffc27d382fb37269b3e02a06fe6be0dcc146d244a45b3
Scanner detections: 19 / 68
Status: Malware
Analysis date: 4/18/2024 3:28:41 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11141541 | 1016 |
| Agnitum Outpost | Trojan.Inject | 7.1.1 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.144.160 |
| avast! | Win32:Malware-gen | 2014.9-140424 |
| Bitdefender | Trojan.Generic.11141541 | 1.0.20.570 |
| Dr.Web | Trojan.Inject1.40492 | 9.0.1.0114 |
| Emsisoft Anti-Malware | Trojan.Generic.11141541 | 8.14.04.24.05 |
| F-Secure | Trojan.Generic.11141541 | 11.2014-24-04_5 |
| G Data | Trojan.Generic.11141541 | 14.4.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.176.11833 |
| McAfee | Artemis!883B91D52859 | 5600.7150 |
| MicroWorld eScan | Trojan.Generic.11141541 | 15.0.0.342 |
| Norman | Suspicious_Gen2.VVUVF | 11.20140424 |
| nProtect | Trojan.Generic.11141541 | 14.04.21.01 |
| Qihoo 360 Security | HEUR/Malware.QVM18.Gen | 1.0.0.1015 |
| Sophos | NirCmd | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0323 | 7.2.114 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28474 |

File size: 1.3 MB (1,341,952 bytes)
Product version: 1,0,0,2
Copyright: 2013 - 2014 (c) Smeenk - http://www.hijackthis.nl/
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\users\{user}\downloads\ld-scan.exe

File PE Metadata
Compilation timestamp: 11/8/2010 8:12:07 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.50
CTPH (ssdeep): 24576:OP3ccOCgBHh4fCe8c7SQj1A0Z9Et5Ez2HRpCUVOf14F8JR:OKCgZh4qePey9EbEeCMOf14mH
Entry address: 0x298F70
Entry point: 60, BE, 15, 40, 55, 00, 8D, BE, EB, CF, EA, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 88, 69, 29, 00, 57, 83, C3, 04, 53, 68, 53, 4F, 14, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
Entropy: 7.9987 (probably packed)
Code size: 1.3 MB (1,335,296 bytes)

The file LD-Scan.exe has been seen being distributed by the following URL.
