video.exe

Onur Karagoz

The executable video.exe has been detected as malware by 21 of 68 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from goo.gl.
Publisher: Onur Karagoz (signed and verified)
Version: 1.0.0.0
MD5: d2aa4fe7b1509a71cff6c7afe8a4ebfb
SHA-1: 5c4c0ee4101678cecc0006fd104ae6347dbb6a8c
SHA-256: 91d562d404d70bdc3ccef907fbd101a6bf28e9af6fffa740c89dd9bf115be861
Scanner detections: 21 / 68
Status: Malware
Analysis date: 6/17/2019 4:37:15 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.12341592 | 182
Agnitum Outpost | Trojan.Bamgadin | 7.1.1
AVG | MSIL5 | 2017.0.2660
Bitdefender | Trojan.Generic.12341592 | 1.0.20.1090
Comodo Security | UnclassifiedMalware | 21595
Emsisoft Anti-Malware | Trojan.Generic.12341592 | 8.16.08.05.10
ESET NOD32 | MSIL/Bamgadin (variant) | 10.11402
Fortinet FortiGate | MSIL/Bamgadin.E!tr | 8/5/2016
F-Secure | Trojan.Generic.12341592 | 11.2016-05-08_6
G Data | Trojan.Generic.12341592 | 16.8.25
IKARUS anti.virus | Trojan.MSIL.Bamgadin | t3scan.1.8.9.0
McAfee | RDN/Generic.dx!d2d | 5600.6316
Microsoft Security Essentials | TrojanClicker:MSIL/Balamid.B | 1.1.11502.0
MicroWorld eScan | Trojan.Generic.12341592 | 17.0.0.654
Norman | Troj_Generic.XQWVH | 11.20160805
nProtect | Trojan.Generic.12341592 | 15.03.30.01
Panda Antivirus | Generic Suspicious | 16.08.05.10
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.F0C2C00LR14 | 7.2.218
Trend Micro | TROJ_GEN.F0C2C00LR14 | 10.465.05
VIPRE Antivirus | Trojan.Win32.Generic | 38922

File size: 136.8 KB (140,048 bytes)
Product version: 1.0.0.0
Copyright: Copyright © 2014
Original file name: HDPLAYER.exe
File type: Executable application (Win32 EXE)
Language: Turkish (Turkey)
Common path: C:\users\{user}\downloads\video.exe

Digital Signature
Signed by:
Authority: COMODO CA Limited
Valid from: 11/13/2014 2:00:00 AM
Valid to: 11/14/2015 1:59:59 AM
Subject: CN=Onur Karagoz, O=Onur Karagoz, STREET=UĞURMUMCU MAH. UĞURMUMCU CAD., STREET=184 ÇATIEVLER SİTESİ, STREET=BLOK:C D:210, L=Ankara, S=Yenimahalle, PostalCode=06370, C=TR
Issuer: CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number: 00CD82F99CAD17F58E443C98C1BD258CBA

File PE Metadata
Compilation timestamp: 12/3/2014 11:31:23 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
.NET CLR dependent: Yes
CTPH (ssdeep): 3072:KC2YQMiFS9YAsscevtIstEv+JIfB13NXF9:5jQMYS9n5GEEv+cXf
Entry address: 0x1D64E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 110 KB (112,640 bytes)

The file video.exe has been seen being distributed by the following URL.

Remove video.exe - Powered by Reason Core Security