win32.exe

Malwarebytes Anti-Malware

The executable win32.exe has been detected as malware by 29 anti-virus scanners. It is a setup program used to install the application. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘20b6678be2f910af49013e5885f586c3’. The file has been observed being downloaded from download1350.mediafire.com and multiple other hosts.
Publisher:
Malwarebytes Corporation* (Invalid match)

Product:
Malwarebytes Anti-Malware

Version:
2.3.55.0

MD5:
81adabebcac065c7c01468ede6936264

SHA-1:
7e74e37ae295bdf3aa0d3c7aeda0e9794aa49f95

SHA-256:
708014671f494822fce507635960419b3d8b285c6739c5c293016d8d4902c957

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/19/2024 11:39:29 PM UTC

Scan engine                   Detection                   Engine version
Lavasoft Ad-Aware             Trojan.GenericKDZ.30292     385
Agnitum Outpost               Trojan.Agent                7.1.1
Avira AntiVirus               TR/AD.Bladabindi.Y.5402     8.3.2.4
Arcabit                       Trojan.Generic.D7654        1.0.0.627
avast!                        Win32:Malware-gen           2014.9-160115
Baidu Antivirus               Trojan.MSIL.Injector        4.0.3.16115
Bitdefender                   Trojan.GenericKDZ.30292     1.0.20.75
Clam AntiVirus                Win.Trojan.Agent-949066     0.98/21511
Comodo Security               UnclassifiedMalware         23690
Dr.Web                        Trojan.MulDrop.7451         9.0.1.015
Emsisoft Anti-Malware         Trojan.GenericKDZ.30292     8.16.01.15.06
ESET NOD32                    MSIL/Injector.IFO (variant) 10.12656
Fortinet FortiGate            W32/Generic!tr              1/15/2016
F-Secure                      Trojan.GenericKDZ.30292     11.2016-15-01_6
G Data                        Trojan.GenericKDZ.30292     16.1.25
IKARUS anti.virus             Trojan.MSIL.Injector        t3scan.1.9.5.0
K7 AntiVirus                  Trojan                      13.212.18026
Kaspersky                     HEUR:Trojan.Win32.Generic   14.0.0.811
Malwarebytes                  Trojan.Injector.MSIL        v2016.01.15.06
McAfee                        RDN/Generic.dx              5600.6519
Microsoft Security Essentials Trojan:Win32/Dacic.A!rfn    1.1.12300.0
MicroWorld eScan              Trojan.GenericKDZ.30292     17.0.0.45
NANO AntiVirus                Trojan.Win32.MulDrop.dxcgze 0.30.26.4751
nProtect                      Trojan.GenericKDZ.30292     15.12.01.01
Panda Antivirus               Trj/CI.A                    16.01.15.06
Qihoo 360 Security            HEUR/QVM03.0.Malware.Gen    1.0.0.1077
Quick Heal                    Trojan.D.r3                 1.16.14.00
Vba32 AntiVirus               Trojan.MSIL.Disfa           3.12.26.4
VIPRE Antivirus               Trojan.Win32.Generic        45560

File size:
138.8 KB (142,132 bytes)

Product version:
2.3.55.0

Copyright:
© Malwarebytes Corporation. All rights reserved.

Original file name:
mbam.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\win32.exe

File PE Metadata
Compilation timestamp:
9/8/2015 8:27:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:wzNApH86O2S8xwpGuJfa7dwk5qsGhOTsXGu4TwUKl:wzfGuaWF8oXL4EFl

Entry address:
0xE8CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
50.5 KB (51,712 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
20b6678be2f910af49013e5885f586c3

Command:
"C:\users\{user}\appdata\local\temp\win32.exe"..


The file win32.exe has been seen being distributed by the following 6 URLs.

http://download1350.mediafire.com/pdn59a52uqqg/.../CSGO HACKER 2015.exe

Remove win32.exe - Powered by Reason Core Security