reupload.exe

Microsoft

The executable reupload.exe has been detected as malware by 24 anti-virus scanners. The file has been seen being downloaded from filedropper.com.
Product:
Microsoft

Version:
1.0.0.0

MD5:
b65ec003e4a6f55cb00882704c9c29f0

SHA-1:
b0834b54f8bc935a188300c7e3e801d378a115c2

SHA-256:
f0d007cb8bbee18f4a8bb0f8ebbfa02dbac2712df5ca74dd36c425a733714f38

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
4/25/2024 7:18:07 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Zusy.154335 | 313
AegisLab AV Signature | Troj.W32.Gen | 2.1.4+
AhnLab V3 Security | Trojan/Win32.Agent | 2016.03.28
Arcabit | Trojan.Zusy.D25ADF | 1.0.0.662
avast! | Win32:Trojan-gen | 2014.9-160328
Bitdefender | Gen:Variant.Zusy.154335 | 1.0.20.440
Dr.Web | Tool.PassView.849 | 9.0.1.088
Emsisoft Anti-Malware | Gen:Variant.Zusy.154335 | 8.16.03.28.06
ESET NOD32 | MSIL/Autorun.Spy.Agent.AU (variant) | 10.13242
Fortinet FortiGate | W32/Generic.D!tr | 3/28/2016
F-Secure | Gen:Variant.Zusy.154335 | 11.2016-28-03_2
G Data | Gen:Variant.Zusy.154335 | 16.3.25
IKARUS anti.virus | Worm.MSIL.Autorun | t3scan.2.0.9.0
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.449
Malwarebytes | Trojan.FakeMS.Gen | v2016.03.28.06
McAfee | Generic BackDoor.adv | 5600.6447
MicroWorld eScan | Gen:Variant.Zusy.154335 | 17.0.0.264
NANO AntiVirus | Trojan.Win32.PassView.ebdzin | 1.0.18.7201
Panda Antivirus | Trj/CI.A | 16.03.28.06
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120
Rising Antivirus | PE:Trojan.Confuser!1.A352 [F] | 23.00.65.16326
Sophos | Mal/MsilKlog-D | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Tester | 9238
Trend Micro | TROJ_GEN.R03EC0PCQ16 | 10.465.28

File size:
713.5 KB (730,624 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
Microsoft.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\reupload.exe

File PE Metadata
Compilation timestamp:
3/25/2016 7:53:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:5eLU5fWOEMzgrHI6NSkQLyTEvg478yJhKMT3wqOG1OgkiXcP2w5WfpfhpCbub6:GOEMk1SkXkgy8dcVmb

Entry address:
0x9BADE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy:
7.0682

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
615 KB (629,760 bytes)

The file reupload.exe has been seen being distributed by the following URL.
