nfsw_pursuitbot.exe

The executable nfsw_pursuitbot.exe has been detected as malware by 31 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download1236.mediafire.com and multiple other hosts.

MD5: 85aa8866604e1300d801fe354c5b7967
SHA-1: 0fc91a80f78cf5d905770d7dfabffc6287bf74d8
SHA-256: b9e62c4311f5cb2caaa8c0647e93ee8c8294e21fee279d7a2218edbf0e22eac7
Scanner detections: 31 / 68
Status: Malware
Analysis date: 4/26/2024 4:15:39 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Trojan.Heur.GM.01C40400B2 | 908 |
| AhnLab V3 Security | Trojan/Win32.FakeAV | 2014.08.05 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.165.44 |
| AVG | Skodna.GameHack | 2015.0.3386 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.14811 |
| Bitdefender | Gen:Trojan.Heur.GM.01C40400B2 | 1.0.20.1115 |
| Bkav FE | W32.Clod755.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 19083 |
| Dr.Web | Trojan.Siggen5.39146 | 9.0.1.0223 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.GM.01C40400B2 | 8.14.08.11.08 |
| ESET NOD32 | Win32/GameHack.JN (variant) | 8.10202 |
| Fortinet FortiGate | W32/Basine.C | 8/11/2014 |
| F-Secure | Gen:Trojan.Heur.GM.01C40400B2 | 11.2014-11-08_2 |
| G Data | Gen:Trojan.Heur.GM.01C40400B2 | 14.8.24 |
| IKARUS anti.virus | Trojan.Win32.Spy | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.182.12945 |
| Kaspersky | Trojan.Win32.PEF13F | 14.0.0.3423 |
| Malwarebytes | Trojan.MalPack.G | v2014.08.11.08 |
| McAfee | RDN/Generic PUP.x!bcs | 5600.7042 |
| MicroWorld eScan | Gen:Trojan.Heur.GM.01C40400B2 | 15.0.0.669 |
| NANO AntiVirus | Trojan.Win32.XPACK.bxgafc | 0.28.2.61349 |
| Norman | Troj_Generic.MXCKV | 11.20140811 |
| Panda Antivirus | Trj/Dtcontx.I | 14.08.11.08 |
| Quick Heal | Trojan.ZAgent.r1 | 8.14.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.157CED60!360508768 | 23.00.65.14809 |
| Sophos | Mal/Basine-C | 4.98 |
| Trend Micro House Call | TROJ_GEN.F0C6C0LBS14 | 7.2.223 |
| Trend Micro | TROJ_GEN.F0C6C0LBS14 | 10.465.11 |
| Vba32 AntiVirus | Trojan.PEF13F | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31918 |
| ViRobot | Trojan.Win32.A.PEF13F.14460 | 2011.4.7.4223 |

File size: 14.1 KB (14,460 bytes)
File type: Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp: 1/22/2011 9:04:06 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 96.139
.NET CLR dependent: Yes
CTPH (ssdeep): 384:szj7rWDS5Iy/aU9xAKcJNCRrhz8X06QUql+4L:C7rW++UxxAK4CRr9p3Uqt
Entry address: 0x1000

Entry point:
4D, 5A, 52, 4A, 66, 29, D2, EB, 0B, BD, F3, B8, 50, 45, 00, 00, 4C, 01, 01, 00, 66, 81, 3A, 4D, 5A, 75, E8, 87, D7, EB, 45, AA, 80, 00, 0F, 01, 0B, 01, 60, 8B, 6F, 3C, 8B, 6C, 2F, 78, 01, FD, 29, C9, EB, 68, 00, 10, 00, 00, C9, D9, 49, EB, 0C, 00, 00, 00, 00, 00, 14, 13, 00, 10, 00, 00, 00, 02, 00, 00, 04, 00, 00, 00, F8, A7, 49, 8F, 04, 00, 00, 00, 00, 00, 00, 00, 00, 50, 00, 00, 00, 02, 00, 00, EB, 66, F8, A6, 02, 00, 00, 00, 00, 00, 10, 00, 00, 10, 00, 00, 00, 00, 10, 00, 00, 10, 00, 00, 00, 00, 00, 00...
 

Entropy: 7.9744 (probably packed)
Code size: 1.7 GB (1,821,064,303 bytes)

The file nfsw_pursuitbot.exe has been seen being distributed by the following 2 URLs.
