SAPO

Publisher Information

SAPO is a software publisher located in Opalo, Jobila in AS*. There are 2 additional code signing certificates issued to this publisher.

Authority: SAPO
Valid from: 6/5/2015 2:08:35 PM
Valid to: 6/5/2016 2:08:35 PM
Subject: E=cmd@sapo.pt, CN=SAPO.PT, OU=SAPO Division of Protocol, O=SAPO, L=Opalo, S=Jobila, C=AS
Issuer: E=cmd@sapo.pt, CN=SAPO.PT, OU=SAPO Division of Protocol, O=SAPO, L=Opalo, S=Jobila, C=AS
Serial number: 00a7ab2cd21ecc7345

Scanner detections:
Malware distribution  (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| AVG | Luhe.Fiha.A, Downloader.MSIL, MSIL8, Downloader.Banload2 | 52.94% |
| ESET NOD32 | MSIL/TrojanDownloader.Banload.DY (variant), MSIL/Injector.KDN (variant), MSIL/Injector.KEV (variant), MSIL/TrojanDownloader.Banload.DW | 52.94% |
| Kaspersky | Trojan-Banker.Win32.Banbra, Backdoor.Win32.Androm, Backdoor.Win32.DarkKomet, HEUR:Trojan.Win32.Generic, Trojan-Downloader.MSIL.Banload | 50.00% |
| avast! | Win32:Banker-LUP [Trj], Win32:Malware-gen, Win32:Banker-MLE [Trj], MSIL:Downloader-NY [Trj], MSIL:Banker-EF [Trj], MSIL:Banker-CF [Trj] | 47.06% |
| Panda Antivirus | Trj/Chgt.O, Generic Suspicious, Trj/CI.A, Trj/Agent.IVN | 47.06% |
| Fortinet FortiGate | W32/Banbra.TFOY!tr, W32/Androm.HGJD!tr.bdr, MSIL/KBD!tr, MSIL/KDN!tr, W32/Banload.BUC!tr.dldr, W32/Banload.WOV!tr.dldr, W32/Banload.BTC!tr.dldr | 47.06% |
| IKARUS anti.virus | Trojan-Banker.Win32.Banbra, Trojan.MSIL8, Trojan.MSIL.Injector, Trojan-Downloader.MSIL.Banload, Trojan-Downloader.Win32.Banload | 44.12% |
| Avira AntiVirus | TR/Banload.jmas, TR/NetCoot.A.30, TR/Dropper.MSIL.8126, TR/Dropper.MSIL.19552, TR/Dropper.MSIL.18687, TR/Dldr.Agent.452240 | 44.12% |
| Baidu Antivirus | Trojan.MSIL.Banload, Backdoor.Win32.Androm, Backdoor.Win32.DarkKomet, Trojan.Win32.Banload | 44.12% |
| Emsisoft Anti-Malware | Trojan.GenericKD.2495165, Trojan.GenericKD.2477093, Trojan.GenericKD.2502977, Trojan.GenericKD.2500693, Trojan.GenericKD.2487704 | 44.12% |

Latest 30 of 34 files

Download URLs for files signed by SAPO.

The following websites host and distribute files published by SAPO.

The certificates below are also signed by SAPO.

00C32D02D923B044F0  (Apr 20, 2016 to Apr 21, 2017)

0099BD1E5F2C546EE6  (Apr 04, 2016 to Apr 05, 2017)

The following publishers (by Authenticode signature organization name) are related.

30 of 875 publishers

* Note: the details and description above are based on the code signing digital signature issued to SAPO by SAPO on June 05, 2015 with the serial number '00a7ab2cd21ecc7345'.