home

thuvien-it.org.exe

The executable thuvien-it.org.exe has been detected as malware by 5 anti-virus scanners. The file has been seen being downloaded from download1218.mediafire.com.
MD5:
b1240e0e72863a10ab169bd6b750b20e

SHA-1:
b615062f90dedffb053bc2650616cdac0db67474

SHA-256:
4d20a8d2e435e317aa18d9192939bc7eb2d26d7d7fd2144b76b56dacf1df999b

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/19/2024 5:52:25 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Ramnit-CC [Trj]
160518-2

Emsisoft Anti-Malware
Gen:Variant.Kazy.617935
11.5.0.6191

F-Prot
W32/Ramnit.B!Generic
4.6.5.141

McAfee
Program.Joke-StressRelief
18.0.204.0

Norman
Gen:Variant.Kazy.617935
28.05.2016 15:32:18

File size:
1.6 MB (1,655,299 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\thuvien-it.org.exe

File PE Metadata
Compilation timestamp:
6/3/2000 2:07:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:2UUrYKLXv/bGQGE3FUTf32suLgZJhuGxJ:OrYkf6QGE1UT/3ZJhhxJ

Entry address:
0x13B000

Entropy:
6.9131

Code size:
184 KB (188,416 bytes)

The file thuvien-it.org.exe has been seen being distributed by the following URL.

http://download1218.mediafire.com/mjqfhcx8ls7g/.../thuvien-it.org.exe

Remove thuvien-it.org.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.