logonapplicationxpportable.exe

The executable logonapplicationxpportable.exe has been detected as malware by 26 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download2019.mediafire.com.
MD5: 47f35abf9c4178cc09e85d857efe1d52
SHA-1: ee973592626d0ede6e89c02a97b6324197491ae1
Scanner detections: 26 / 68
Status: Malware
Analysis date: 12/10/2018 6:37:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11857773 | 272 |
| Agnitum Outpost | Trojan.Shakblades | 7.1.1 |
| avast! | Win32:Malware-gen | 2014.9-160507 |
| AVG | Generic33 | 2017.0.2750 |
| Baidu Antivirus | Trojan.Win32.Jorik.Shakblades | 4.0.3.1657 |
| Bitdefender | Trojan.GenericKD.1743121 | 1.0.20.640 |
| Comodo Security | UnclassifiedMalware | 21959 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1743121 | 8.16.05.07.07 |
| Fortinet FortiGate | W32/Jorik_Shakblades.DEC!tr | 5/7/2016 |
| F-Secure | Trojan.GenericKD.1743121 | 11.2016-07-05_7 |
| G Data | Trojan.GenericKD.1743121 | 16.5.25 |
| IKARUS anti.virus | Trojan.Win32.Jorik | t3scan.1.8.9.0 |
| K7 AntiVirus | Riskware | 13.203.15777 |
| Kaspersky | Trojan.Win32.Jorik.Shakblades | 14.0.0.246 |
| McAfee | Artemis!47F35ABF9C41 | 5600.6406 |
| MicroWorld eScan | Trojan.Generic.11857773 | 17.0.0.384 |
| NANO AntiVirus | Trojan.Win32.Jorik.coctzt | 0.30.24.1357 |
| Norman | Jorik.KIK | 11.20160507 |
| nProtect | Trojan.GenericKD.1743121 | 15.04.30.01 |
| Qihoo 360 Security | Win32/Trojan.d29 | 1.0.0.1015 |
| Quick Heal | Trojan.ZAgent.r3 | 5.16.14.00 |
| Sophos | Mal/Generic-L | 4.98 |
| Trend Micro House Call | TROJ_GE.F02FEF3C | 7.2.128 |
| Trend Micro | TROJ_GE.F02FEF3C | 10.465.07 |
| Vba32 AntiVirus | Trojan.Jorik.Shakblades | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39850 |

File size: 757.9 KB (776,073 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\documents and settings\paola\escritorio\carpetas\aplicaciones\logonapplicationxpportable.exe

File PE Metadata
Compilation timestamp: 2/10/2010 2:09:37 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 12288:WczJJhqrVPlojoP7l2r5IK/zn+2L+/xueoP6CZS4DjOUS14vBt30upYDnKn+MFCk:WczJKVdojoTAI+YyP6qU1+Btku+nKn+e
Entry address: 0xA785
Entry point: E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, BE, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, F6, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, D5, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 22, 41, 00, 8D, 45, E4...

Code size: 66 KB (67,584 bytes)

The file logonapplicationxpportable.exe has been seen being distributed by the following URL.
