macro flooding tool.exe

aaICO

ATI Research, Inc.

The executable macro flooding tool.exe has been detected as malware by 31 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from download2075.mediafire.com and multiple other hosts.
Publisher:
ATI Research, Inc.

Product:
aaICO

Version:
2.02

MD5:
488945135513ece2e3acc37604acb722

SHA-1:
0e031f8de780fca355908bac3d7ea6bbaf29413b

SHA-256:
33cae97388336dcae68178b0943e76c632b7c4aa1d5000d5442bcb626426b6c5

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
5/16/2024 2:43:43 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.2188329 | 367 |
| AegisLab AV Signature | Troj.W32.Generic!c | 2.1.4+ |
| Agnitum Outpost | Trojan.Fsysna | 7.1.1 |
| Avira AntiVirus | TR/Dropper.Gen | 8.3.2.4 |
| Arcabit | Trojan.Generic.D216429 | 1.0.0.646 |
| avast! | Win32:Malware-gen | 2014.9-160203 |
| AVG | Win32/DH{Sw?} | 2017.0.2845 |
| Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.1623 |
| Bitdefender | Trojan.GenericKD.2188329 | 1.0.20.170 |
| Comodo Security | UnclassifiedMalware | 24035 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2188329 | 8.16.02.03.06 |
| ESET NOD32 | Win32/Injector.YFC (variant) | 10.12942 |
| Fortinet FortiGate | W32/Injector.ADYQ!tr | 2/3/2016 |
| F-Secure | Trojan.GenericKD.2188329 | 11.2016-03-02_4 |
| G Data | Trojan.GenericKD.2188329 | 16.2.25 |
| IKARUS anti.virus | Trojan.Win32.Fsysna | t3scan.2.0.4.0 |
| K7 AntiVirus | Trojan | 13.213.18574 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.719 |
| McAfee | Artemis!488945135513 | 5600.6501 |
| MicroWorld eScan | Trojan.GenericKD.2188329 | 17.0.0.102 |
| NANO AntiVirus | Trojan.Win32.Fsysna.cxaonq | 1.0.14.5798 |
| nProtect | Trojan.GenericKD.2188329 | 16.01.28.01 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.03.06 |
| Qihoo 360 Security | Win32/Trojan.1de | 1.0.0.1077 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | PAK_Generic.006 | 7.2.34 |
| Trend Micro | PAK_Generic.006 | 10.465.03 |
| Vba32 AntiVirus | Trojan.Llac | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46816 |
| ViRobot | Trojan.Win32.Z.Fsysna.2473541[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Inject.Win32.62733 | 2.0.0.2635 |

File size:
2.4 MB (2,473,541 bytes)

Product version:
2.02

Original file name:
aaICO.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\macro flooding tool.exe

File PE Metadata
Compilation timestamp:
8/2/2013 6:35:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:sXnnLrypwc1ZSXnnLrypwc1Z4DOteXidh0f3lIHJf:kAKA4D+eSdy4

Entry address:
0x12D8

Entry point:
01, 00, 00, 00, 80, 13, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 13, 40, 00, 00, 00, 00, 00, 01, 00, 00, 00, 20, 17, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 74, 17, 40, 00, 08, 90, 56, 00, 01, 00, 00, 00, BC, 13, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BC, 13, 40, 00, 00, 00, 00, 00, 50, 00, 00, 00, 30, F4, 52, 2B, 20, D9, D9, 43, 9C, 10, 79, D2, AE, AB, 2B, 91, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00...
Code size:
1.4 MB (1,474,560 bytes)

The file macro flooding tool.exe has been seen being distributed by the following 2 URLs.
