nf_83945_20.12.2015_9032487598437259346456453.exe

The executable nf_83945_20.12.2015_9032487598437259346456453.exe has been detected as malware by 25 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from bit.ly.
MD5:
d47debe1a7fe8e578272927d9a6cc093

SHA-1:
1ef78752c478f1471a6dcb7a4830313f03ba37eb

SHA-256:
9c99bd3cfe699f505d177edc23c8acf97a655301acb430e03e57ccb706eeb035

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/25/2024 8:02:56 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Graftor.263078 | 378 |
| Agnitum Outpost | Trojan.DL.Autoit | 7.1.1 |
| Avira AntiVirus | TR/Dldr.Agent.1137664 | 8.3.2.4 |
| Arcabit | Trojan.Graftor.D403A6 | 1.0.0.642 |
| avast! | Win32:Malware-gen | 2014.9-160122 |
| AVG | Generic14_c | 2017.0.2856 |
| Baidu Antivirus | Trojan.Win32.Autoit | 4.0.3.16122 |
| Bitdefender | Gen:Variant.Graftor.263078 | 1.0.20.110 |
| Comodo Security | UnclassifiedMalware | 23930 |
| Dr.Web | Trojan.DownLoader18.20504 | 9.0.1.022 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.263078 | 8.16.01.22.01 |
| ESET NOD32 | Win32/TrojanDownloader.Autoit.OAU (variant) | 10.12825 |
| F-Secure | Gen:Variant.Graftor.263078 | 11.2016-22-01_6 |
| G Data | Gen:Variant.Graftor.263078 | 16.1.25 |
| IKARUS anti.virus | Trojan-Downloader.Win32.AutoIt | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan-Downloader | 13.212.18331 |
| Kaspersky | Trojan-Downloader.Win32.Autoit | 14.0.0.777 |
| McAfee | Artemis!D47DEBE1A7FE | 5600.6512 |
| MicroWorld eScan | Gen:Variant.Graftor.263078 | 17.0.0.66 |
| NANO AntiVirus | Trojan.Win32.Agent.dzihbn | 1.0.14.5380 |
| Qihoo 360 Security | HEUR/QVM17.0.Malware.Gen | 1.0.0.1077 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16120 |
| Sophos | Mal/Generic-S | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46326 |
| ViRobot | Trojan.Win32.Downloader.1008128[h] | 2014.3.20.0 |

File size:
1.1 MB (1,137,664 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\nf_83945_20.12.2015_9032487598437259346456453.exe

File PE Metadata
Compilation timestamp:
12/18/2015 12:52:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:RrmSJW8DF60hxNqZCogoIQYX/4EQ+EjUtynR:tmSnRq4o9vYXdQfZ

Entry address:
0x27F4A

Entry point:
B8, 04, C9, 5A, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 19, 5F, 5C, 1C, EB, AC, 3C, E3, E1, 42, AC, 8F, F4, 0E, 1A, 20, 5F, 24, 85, EB, 59, 6F, F1, 6B, 29, 78, 39, F5, 0A, 91, 73, 99, AF, A2, 8D, 18, B1, DF, E3, 09, DE, 0B, 7A, DA, 93, 60, 6A, C8, 88, D0, DE, E3, F2, 21, B0, A4, 8E, 95, 5A, D8, 3C, 37, 85, 29, 78, 67, 63, 92, 73, 27, 11, 11, 87, 49, 85, F5, F3, A6, C0, 86, 66, D9, CD, D4, E2, 1A, 77, 70, A3, BC, 67, 93, 07...
 
Packer / compiler:
PECompact v2

Code size:
567.5 KB (581,120 bytes)

The file nf_83945_20.12.2015_9032487598437259346456453.exe has been seen being distributed by the following URL.