nfe_3512070912810330117857909207491775604214118_pagina_1.pdf.exe

Jav Platform SE 7 U4

Buster Paper Comercial Ltda

The executable nfe_3512070912810330117857909207491775604214118_pagina_1.pdf.exe (“Java(TM) Platform SE binary”) has been detected as malware by 17 anti-virus scanners.
Publisher:
Buster Paper Comercial Ltda (signed and verified)

Product:
Jav(TM) Platform SE 7 U4

Description:
Java(TM) Platform SE binary

Version:
7.0.40.22

MD5:
65ecaa8574d649d05c97455da60520c2

SHA-1:
18f8e374fa01ca5aa8ae01e8f03ed983ee510ffc

SHA-256:
15caae4f7f744a60f22bbc03117ea8ed30c82718e0dd688d1b061c4fd5a57bef

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
4/19/2024 8:49:08 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Strictor.19138.11 | 7.11.60.104 |
| avast! | Win32:Banker-KCN [Trj] | 2014.9-170118 |
| AVG | Win32/Delf | 2018.0.2494 |
| Bitdefender | Gen:Variant.Strictor.19138 | 1.0.20.90 |
| Clam AntiVirus | BC.Heuristic.Trojan.SusPacked.BF-6.B | 0.98/18155 |
| F-Secure | Gen:Variant.Strictor.19138 | 11.2017-18-01_4 |
| G Data | Gen:Variant.Strictor.19138 | 17.1.22 |
| IKARUS anti.virus | Virus.Win32.Delf | t3scan.1.3.5.0 |
| Kaspersky | Trojan-Banker.Win32.Banker | 14.0.0.-1034 |
| Malwarebytes | Spyware.Banker.FakeSig | v2017.01.18.07 |
| McAfee | Artemis!65ECAA8574D6 | 5600.6150 |
| MicroWorld eScan | Gen:Variant.Strictor.19138 | 18.0.0.54 |
| Norman | Banker.GDZO | 11.20170118 |
| Panda Antivirus | Trj/Banker.KEZ | 17.01.18.07 |
| Rising Antivirus | Suspicious | 23.00.65.17116 |
| Trend Micro House Call | TROJ_GEN.RCBH1B6 | 7.2.18 |
| VIPRE Antivirus | Trojan.Win32.Generic | 15448 |

File size:
1.4 MB (1,472,832 bytes)

Product version:
7.0.40.22

Copyright:
Copyright © 2012

Original file name:
iinstall.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nfe_3512070912810330117857909207491775604214118_pagina_1.pdf.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
1/17/2013 12:00:00 AM

Valid to:
1/22/2014 12:00:00 PM

Subject:
CN=Buster Paper Comercial Ltda, O=Buster Paper Comercial Ltda, L=São José Dos Campos, S=São Paulo, C=BR

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07B44CDBFFFB78DE05F4261672A67312

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xE321C

Entry point:
55, 8B, EC, 83, C4, F0, B8, A4, 2D, 4E, 00, E8, 3C, 3F, F2, FF, A1, B8, 5C, 4F, 00, 8B, 00, E8, 98, 09, F8, FF, 8B, 0D, A0, 5E, 4F, 00, A1, B8, 5C, 4F, 00, 8B, 00, 8B, 15, B4, F4, 4D, 00, E8, 98, 09, F8, FF, A1, B8, 5C, 4F, 00, 8B, 00, E8, 0C, 0A, F8, FF, E8, EF, 15, F2, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
905 KB (926,720 bytes)