» my-pretty-spring-photo-shared-img0213.jpg.exe
Overview
Analysis
File Details
Downloads (1)

my-pretty-spring-photo-shared-img0213.jpg.exe

Complex

Fed TV burn - www.Complex.com

The executable my-pretty-spring-photo-shared-img0213.jpg.exe, “Curious Eddy hollow percent somebody Andy” has been detected as malware by 10 anti-virus scanners. The file has been seen being downloaded from catalog.chaosium.com.

File name:

Publisher:

Fed TV burn - www.Complex.com

Product:

Complex

Description:

Curious Eddy hollow percent somebody Andy

Version:

6.0.0.4

MD5:

bc7acfd17d8c26ce8921ee33ee520afb

SHA-1:

d6e8b7b475cd271740be27288c64a56f726bda53

SHA-256:

6cc842a860791a98a5266fb691c9bb7abc65e345206bab828a493d2a9bd83967

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

4/18/2024 5:28:31 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Vitro

150717-0

Dr.Web

Win32.Virut.56

9.0.1.05190

Emsisoft Anti-Malware

Win32.Virtob.Gen.12

11.5.0.6191

ESET NOD32

Win32/Virut.NBP virus

8.0.319.0

F-Prot

W32/Sality.D.gen

4.6.5.141

F-Secure

Win32.Virtob.Gen.12

5.15.96

Kaspersky

Virus.Win32.Virut

15.0.0.562

McAfee

Virus.W32/Virut.rem.K

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.219.1126.0

Norman

Win32.Virtob.Gen.12

10.04.2016 15:29:17

File size:

290.5 KB (297,472 bytes)

Product version:

7.0

File type:

Executable application (Win32 EXE)

Language:

Arabic (Saudi Arabia)

Common path:

C:\users\{user}\downloads\my-pretty-spring-photo-shared-img0213.jpg.exe

File PE Metadata

Compilation timestamp:

1/1/1998 3:54:02 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:myhygTHvV7+oh7yyZv3k3K9cS/14k0slpvpOXv68pd:myhygTPV6ogyO3o10Evof

Entry address:

0xDD67

Entry point:

86, E6, 68, 76, 6A, 00, 00, F8, 59, 86, E2, 86, F6, 8D, 54, BB, 8A, 86, E2, EB, 98, 00, 00, 00, 1D, 51, A2, 6F, B4, 7A, 0E, 4C, 00, 22, FD, DE, 00, 00, D0, D8, 71, 79, 91, 5C, 88, 0D, DC, A2, 6C, AC, 00, 00, 95, 67, B6, 76, 00, 57, 92, 00, 90, C9, 00, 4A, 8D, 00, FE, C2, F7, D0, 40, F7, D0, 48, 48, 86, C2, 86, D4, 90, F6, D0, E9, B5, FE, FF, FF, F2, 7F, 12, 11, C2, 68, 68, 76, 0C, 02, 7F, 00, 5F, B4, 00, 04, 73, 00, A4, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.1983

Code size:

51.5 KB (52,736 bytes)

The file my-pretty-spring-photo-shared-img0213.jpg.exe has been seen being distributed by the following URL.

http://catalog.chaosium.com/?3a7e223n3dp2mqz8=f25d341e1

Remove my-pretty-spring-photo-shared-img0213.jpg.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.