mdma edited.exe

The executable mdma edited.exe, “Soebis@Trikgratis.com” has been detected as malware by 15 anti-virus scanners.
Description: Soebis@Trikgratis.com
Version: 1.5.0.14
MD5: d9ad68854ecd20b3e786dbf26bb0a5ee
SHA-1: c4baafbec2fcf54ef61d1b503091e3aa0488f85a
SHA-256: c30dfeb143a4c091eaa7220f449126b88dc446c10e1f11c466daeef9a23f79c5
Scanner detections: 15 / 68
Status: Malware
Analysis date: 2/24/2014 6:51:55 AM UTC
Scan engine              Detection                        Engine version
Baidu Antivirus          HackTool.Win32.Autoit            4.0.3.14224
Bkav FE                  W32.Clod3ee.Trojan               1.3.0.4924
CMC Antivirus            Trojan.Win32.Generic!O           1.1.0.977
Commtouch SDK            W32/GenBl.D9AD6885!Olympus       5.4.1.7
Comodo Security          UnclassifiedMalware              17832
ESET NOD32               Win32/Packed.Autoit              8.9459
K7 AntiVirus             Trojan                           13.176.11239
K7 Gateway Antivirus     Trojan                           13.176.11226
Kingsoft AntiVirus       Win32.Troj.Generic.a.(kcloud)    331020.49267
McAfee                   RDN/Generic PUP.x!b2r            5600.7210
McAfee Web Gateway       RDN/Generic PUP.x!b2r            7.7210
Norman                   Suspicious_Gen4.ETALZ            10.20140224
Trend Micro House Call   TROJ_GE.C8391591                 7.2.55
Vba32 AntiVirus          Trojan.Autoit.F                  3.12.24.3
VIPRE Antivirus          Trojan.Win32.Generic             26754

File size: 880.5 KB (901,679 bytes)
Copyright: @2012
File type: Executable application (Win32 EXE)
Language: Indonesian (Indonesia)

File PE Metadata
Compilation timestamp: 1/30/2012 4:32:28 AM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 12288:zhkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aEWJn4lPmQ8QIHuN2vcRF:5RmJkcoQricOIQxiZY1iaEI4loausF
Entry address: 0x165C1
Entry point: E8, 16, 90, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 24, 97, 4A, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DD, 03, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 67, 41, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8...
Code size: 514 KB (526,336 bytes)

There are numerous known code variations that share the same compilation structure.

Detections   Status         File name                                        Version      SHA-1
6 / 68       Malware        8ff4d3f092f8fdddf7fa28f5c1669137.exe             3, 3, 8, 1   45b27ff92e5b22b5f9a733429236566301fcd23f
36 / 68      Malware        rar.exe                                          3, 3, 8, 1   5b1c3c4ed8d6fe55d6902b1c3a1c8540d2e5a8ed
4 / 68       Malware        fileguardian.exe                                 3, 3, 8, 1   5a61e4b06dab0edb14dc75f752cef3d3be89e6c9
3 / 68       inconclusive   fileguardian.exe                                 3, 3, 8, 1   76e3d10ad901e87c0fb6ace88f2ddbfc773178a7
10 / 68      Malware        videos‮4pm.exe                                   3, 3, 8, 1   3bed5798737f0d8b7d56cf174b778fcd8a6010a7
9 / 68       Malware        videos‮4pm.exe                                   3, 3, 8, 1   25a592d6ace87df3a42aaf20bb94fffae562aae3
22 / 68      Malware        fileguardian.exe                                 3, 3, 8, 1   889a20f53813120aba501ede8238139a0fabf67c
25 / 68      Malware        eb73d2a378e5bd948ba8de3b136a8114.exe             3, 3, 8, 1   456c2e38434c8f31418a4c6333e28fb5e2e94cd4
6 / 68       Malware        cmd.exe                                          3, 3, 8, 1   36c0525aa563cd84b0fd66caf00a46dc14029b87
6 / 68       Malware        microsoft office activator.exe                   3, 3, 8, 1   4242da3524649e616cd72be85aecd3bf549f0757
4 / 68       Malware        microsoft office 2013 pro plus precracked.exe    3, 3, 8, 1   3a817fe10123fd81515c0eda9415f2fce3dd69de
2 / 68       (none)         encrypted 1 mechant.exe                          3, 3, 8, 1   dd7c0420c43402299457c38c0f34777d70e8f66b
13 / 68      Malware        stub_obfuscated.exe                              3, 3, 8, 1   73b2a1aca4474e77cf6a0d551e3427f48884fec6
0 / 68       (none)         usg.exe                                          3, 3, 8, 1   efdbf0d41446aa81c1d06acf139c3ee3032a9a55
5 / 68       Malware        196e4586790f98ad065ae2128c3b6b.exe               (none)       8ff26a8dc46ca2b2dfdf0727167970b6faab53e9

Note: the two "videos‮4pm.exe" entries carry a Unicode right-to-left override character (U+202E) between "videos" and "4pm.exe" in the file name as listed, which reverses the display order of the characters that follow it; the name is reproduced here exactly as the report records it.
