winscp-512-build-2816-baixaki-32-bits.exe

The application winscp-512-build-2816-baixaki-32-bits.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from dl.baixaki.com.br.
MD5:
30ce47927914d2da8c60e02b138385da

SHA-1:
39fef501c39a86bad9c6877f8114d1a322a571e7

SHA-256:
9aae52a3d320af776920693990078479f2f49f1d952c5cd655bfcb821725e8ea

Scanner detections:
25 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/19/2024 9:57:15 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Generic.559747 | 967
Agnitum Outpost | PUA.InstallCore | 7.1.1
Avira AntiVirus | Adware/Installco.AB | 7.11.110.92
AVG | InstallCore | 2015.0.3445
Baidu Antivirus | Trojan.Win32.InstallCore | 4.0.3.14613
Bitdefender | Adware.Generic.559747 | 1.0.20.820
Bkav FE | W32.Clod9cd.Trojan | 1.3.0.4613
Comodo Security | UnclassifiedMalware | 17429
Dr.Web | Adware.InstallCore.76 | 9.0.1.0164
Emsisoft Anti-Malware | Adware.Generic.559747 | 8.14.06.13.09
ESET NOD32 | Win32/InstallCore.BA (variant) | 8.8988
F-Prot | W32/InstallCore.S.gen | v6.4.7.1.166
F-Secure | Adware.Generic.559747 | 11.2014-13-06_6
G Data | Adware.Generic.559747 | 14.6.22
K7 AntiVirus | Unwanted-Program | 13.174.10498
Malwarebytes | PUP.AdBundle | v2014.06.13.09
McAfee | Artemis!F6A468FEFAE9 | 5600.7101
MicroWorld eScan | Adware.Generic.559747 | 15.0.0.492
NANO AntiVirus | Trojan.Win32.InstallCore.cqqkpf | 0.28.0.56692
Reason Heuristics | Threat.Win.Reputation.IMP | 14.6.13.9
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14611
Sophos | Generic PUA DJ | 4.94
SUPERAntiSpyware | PUP.AdBundle | 10546
Trend Micro House Call | TROJ_GEN.R0CBH05JC13 | 7.2.164
VIPRE Antivirus | Adware.Trojan.Win32.Generic | 22886

File size:
1.1 MB (1,178,864 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\winscp-512-build-2816-baixaki-32-bits.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:dCbb3HF2KzBlRdN9AztvlQlJ/wAInrb08bfhVwg3GnmoAg2jab9V7nBclQOkq27q:dIb3HF2KzBlrN96tvlQlJ/wA+rb08bf1

Entry address:
0xD4EF0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 50, 44, 41, 00, E8, 0E, CD, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
865.5 KB (886,272 bytes)

The file winscp-512-build-2816-baixaki-32-bits.exe has been seen being distributed by the following URL.
