home

rato leve + ant ban injetado by code.exe

The executable rato leve + ant ban injetado by code.exe has been detected as malware by 5 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from fs09n2.sendspace.com.
MD5:
3e4fa7cc1bfefb43d2923fc9399d819d

SHA-1:
ff30298af4b30bf9e696dd332b28ad0a97632018

SHA-256:
9e6575761ccba80a7b6325070a71ac81c802eb0c370ac8bc2b3f9504811cb7b5

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
5/9/2024 12:09:34 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
MSIL:Agent-CIB [Trj]
160518-2

ESET NOD32
Win32/VB.NIL trojan
7.0.302.0

F-Prot
W32/Backdoor.AVYF
4.6.5.141

F-Secure
Backdoor.Heur.Bifrose.@pZ@cSkggwp
5.15.96

File size:
4.3 MB (4,532,338 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rato leve + ant ban injetado by code.exe

File PE Metadata
Compilation timestamp:
3/31/2007 8:00:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:7zi2AnXNM8RSMfs0aeG2dx3JpMekpG0xI7GrCspYmnsqC:S2AnaqS+n/Mvp64CsrC

Entry address:
0x109C

Entry point:
68, F4, 10, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 43, C8, E7, 79, 65, 74, E1, 4E, 81, D0, 1F, 1A, FF, FB, A7, AE, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 20, 41, 73, 20, 53, 74, 58, 00, 6E, 67, 0D, 0A, 20, 20, 00, 00, 00, 00, 07, 00, 00, 00, B4, 15, 40, 00, 07, 00, 00, 00, 58, 15, 40, 00, 56, 42, 35, 21, 36, 26, 56, 42, 36, 45, 53, 2E, 44, 4C, 4C, 00, 00, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 00, 0A, 0C, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
4 KB (4,096 bytes)

The file rato leve + ant ban injetado by code.exe has been seen being distributed by the following URL.

https://fs09n2.sendspace.com/dl/a0202025c03ec5fb112748bbbcb64b12/5739d4f82e0fec00/.../Rato leve Ant Ban INJETADO by Code.EXE

Remove rato leve + ant ban injetado by code.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.