notificacao_doc.cpl

The file notificacao_doc.cpl has been detected as malware by 33 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
MD5: 4bf011bfbe5c1ce3fdc984a50a390854

SHA-1: 8182b77aa6430baf258d20f94c19fa835325b789

SHA-256: e4f48dad07122c8f1eb18c3a3c73ccd1751c4c0d8dd4b2d401881177ef6a22d1

Scanner detections: 33 / 68

Status: Malware

Analysis date: 4/19/2024 8:07:14 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Symmi.41213 | 675
Agnitum Outpost | Trojan.DL.Banload | 7.1.1
AhnLab V3 Security | Trojan/Win32.ChePro | 15.04.01
Avira AntiVirus | TR/ATRAPS.Gen | 7.11.151.18
avast! | Win32:Banker-KSR [Trj] | 2014.9-150401
AVG | Downloader.Banload2 | 2016.0.3153
Baidu Antivirus | Trojan.Win32.Banker | 4.0.3.1541
Bitdefender | Gen:Variant.Symmi.41213 | 1.0.20.455
Bkav FE | HW32.Laneul | 1.3.0.4959
Emsisoft Anti-Malware | Gen:Variant.Symmi.41213 | 8.15.04.01.10
ESET NOD32 | Win32/TrojanDownloader.Banload.TGG (variant) | 9.9837
Fortinet FortiGate | W32/Banload.TGG!tr.dldr | 4/1/2015
F-Secure | Gen:Variant.Symmi.41213 | 11.2015-01-04_4
G Data | Gen:Variant.Symmi.41213 | 15.4.24
IKARUS anti.virus | Trojan.Win32.ChePro | t3scan.1.6.1.0
K7 AntiVirus | Trojan-Downloader | 13.178.12171
Kaspersky | Trojan-Banker.Win32.ChePro | 14.0.0.2258
Malwarebytes | Spyware.Banker.CP | v2015.04.01.10
McAfee | RDN/PWS-Banker.dldr!f | 5600.6809
Microsoft Security Essentials | Trojan:Win32/Dynamer!ac | 1.10600
MicroWorld eScan | Gen:Variant.Symmi.41213 | 16.0.0.273
NANO AntiVirus | Trojan.Win32.ChePro.cvoiqe | 0.28.0.59921
Norman | Banload.CPL | 11.20150401
nProtect | Trojan-Spy/W32.Banker.388096.O | 14.05.22.01
Panda Antivirus | Trj/Genetic.gen | 15.04.01.10
Qihoo 360 Security | Win32/Trojan.0a0 | 1.0.0.1015
Quick Heal | Trojan.Dynamer.r3 | 4.15.14.00
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_SPNV.01CP14 | 7.2.91
Trend Micro | TROJ_SPNV.01CP14 | 10.465.01
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.0
VIPRE Antivirus | Trojan.Win32.Generic | 29508
Zillya! Antivirus | Trojan.ChePro.Win32.2166 | 2.0.0.1798

File size: 379 KB (388,096 bytes)

Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\notificacao_doc.cpl

File PE Metadata

Compilation timestamp: 6/19/1992 7:22:17 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.25

CTPH (ssdeep): 6144:BJ5/Gv/G3G9vBUB1quBVvItOLYc0dGUwJM1LtCTt/P4MVDEK:BJ4HG34vBUB1rBVcOLpM/Cx/P4gE

Entry address: 0x1050D0

Entry point: 80, 7C, 24, 08, 01, 0F, 85, D9, 01, 00, 00, 60, BE, 00, 80, 4A, 00, 8D, BE, 00, 90, F5, FF, 57, 83, CD, FF, EB, 0D, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...

Packer / compiler: UPX v0.89.6 - v1.02 / v1.05 - v1.22, 0x

Code size: 376 KB (385,024 bytes)
