precert_cns_1_0_0_37.exe

The executable precert_cns_1_0_0_37.exe has been detected as malware by 10 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from www1.caixa.gov.br.

MD5:
25010085c0563b323da4591c7f604930

SHA-1:
a218f6e6e3500b06fdb6155789b234fcfcc26b75

SHA-256:
b15937c5cdf5e9dc895239b68ea5068709ca2ffedac3fda543bf84d1e2206743

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/19/2024 5:40:28 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Kukacka | 160327-1
AVG | Win32/Tanatos.T | 2015.0.4355
Dr.Web | Win32.Sector.5 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality.OG | 11.5.0.6191
ESET NOD32 | Win32/Sality.NAR virus | 7.0.302.0
F-Prot | W32/Sality.AK | 4.6.5.141
Kaspersky | Virus.Win32.Sality | 15.0.0.562
McAfee | Virus.W32/Sality.gen.z | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.217.1307.0
Norman | Win32.Sality.OG | 13.04.2016 10:11:06

File size:
1.3 MB (1,401,863 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
10/25/2001 5:47:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:XQHJduFt5Ieq2+dEHQCjEIkXjQC1+aVYw+NMAEL9jCj0efoyoNr+uliq2p:XaJMKjzQCpYNhERuJf9oNE

Entry address:
0x21AF

Entry point:
60, 6A, 00, FF, 15, 6C, 40, 40, 00, 2B, F1, FE, CA, 81, E1, 44, F7, DE, 29, 38, F0, E8, 00, 00, 00, 00, 33, DA, 84, C3, 86, E7, 69, DA, 01, C0, 83, 3A, 5B, 81, C3, 88, 4B, 00, 00, 4D, 0F, AD, EA, 21, F9, 81, C3, 5D, 0B, 00, 00, 0F, BC, FE, 0F, A5, F7, 0F, B7, FD, 81, EB, AE, 08, 00, 00, 8D, 3D, 3F, 06, B1, B0, 0F, CA, 0F, B7, CF, 53, 81, C3, 5C, 0A, 35, 00, FF, C1, 15, 6C, 7F, 46, F1, 48, 81, EB, 46, F9, 34, 00, 0F, A4, C1, 8C, B9, 1C, 6F, 76, 61, 0F, C8, 53, 81, EB, 21, D2, 5C, 00, F7, C3, 3C, 0F, 96, 01...
 

Code size:
8.5 KB (8,704 bytes)

The file precert_cns_1_0_0_37.exe has been seen being distributed by the following URL.
