» nfe_3512070912810330117857909207491775604214118_pagina_1.pdf.exe
Overview
Analysis
File Details

nfe_3512070912810330117857909207491775604214118_pagina_1.pdf.exe

Jav Platform SE 7 U4

Buster Paper Comercial Ltda

The executable nfe_3512070912810330117857909207491775604214118_pagina_1.pdf.exe, “Java(TM) Platform SE binary” has been detected as malware by 21 anti-virus scanners.

File name:

Publisher:

Buster Paper Comercial Ltda (signed and verified)

Product:

Jav(TM) Platform SE 7 U4

Description:

Java(TM) Platform SE binary

Version:

7.0.40.22

MD5:

4877ab9128b8ba857c5e03544bd058f3

SHA-1:

36e341a488cbd9496ebc38d90a9b6d51f2caa031

SHA-256:

f9cfeb63d7c1be61d48fd7b92dba3a58ad3767073bb369b1b0db0d3c428195b1

Scanner detections:

21 / 68

Status:

Malware

Analysis date:

7/5/2025 9:44:00 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Strictor.19138

191

Avira AntiVirus

TR/Dldr.Delphi.Gen

7.11.125.192

avast!

Win32:Banker-KCV [Trj]

2014.9-160727

Bitdefender

Gen:Variant.Strictor.19138

1.0.20.1045

Clam AntiVirus

BC.Heuristic.Trojan.SusPacked.BF-6.B

0.98/18155

Comodo Security

UnclassifiedMalware

17640

Emsisoft Anti-Malware

Gen:Variant.Strictor.19138

8.16.07.27.04

ESET NOD32

Win32/TrojanDownloader.Banload.RWO (variant)

10.9310

Fortinet FortiGate

W32/Banload.RWO!tr.dldr

7/27/2016

F-Secure

Gen:Variant.Strictor.19138

11.2016-27-07_4

G Data

Gen:Variant.Strictor.19138

16.7.24

IKARUS anti.virus

Trojan.Win32.Banker

t3scan.2.2.29

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.-158

Malwarebytes

Spyware.Banker.FakeSig

v2016.07.27.04

McAfee

Artemis!4877AB9128B8

5600.6325

MicroWorld eScan

Gen:Variant.Strictor.19138

17.0.0.627

Norman

Banker.GDZO

11.20160727

Panda Antivirus

Trj/Dtcontx.A

16.07.27.04

Sophos

Mal/Generic-S

4.96

Trend Micro House Call

TROJ_GEN.R021C0EAI14

7.2.209

Trend Micro

TROJ_GEN.R021C0EAI14

10.465.27

File size:

1.4 MB (1,474,368 bytes)

Product version:

7.0.40.22

Original file name:

iinstall.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\nfe_3512070912810330117857909207491775604214118_pagina_1.pdf.exe

Digital Signature

Signed by:

Buster Paper Comercial Ltda

Authority:

DigiCert Inc

Valid from:

1/16/2013 9:00:00 PM

Valid to:

1/22/2014 9:00:00 AM

Subject:

CN=Buster Paper Comercial Ltda, O=Buster Paper Comercial Ltda, L=São José Dos Campos, S=São Paulo, C=BR

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

07B44CDBFFFB78DE05F4261672A67312

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:kxD/KwFW5At8SwcdgkDd8CkTcj1zsx6NBswgTU+Q3TI+o+Ke1:kPnw0Dd8X41zsxpTTPETrLKe1

Entry address:

0xE2C40

Entry point:

55, 8B, EC, 83, C4, F0, B8, C8, 27, 4E, 00, E8, 18, 45, F2, FF, A1, A8, 4C, 4F, 00, 8B, 00, E8, 74, 0F, F8, FF, 8B, 0D, 30, 4E, 4F, 00, A1, A8, 4C, 4F, 00, 8B, 00, 8B, 15, B4, F4, 4D, 00, E8, 74, 0F, F8, FF, A1, A8, 4C, 4F, 00, 8B, 00, E8, E8, 0F, F8, FF, E8, CB, 1B, F2, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

903.5 KB (925,184 bytes)

Remove nfe_3512070912810330117857909207491775604214118_pagina_1.pdf.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.