028a2-028a3_hotfix.exe

Vostok Games. Survarium Inc.

Publisher:
Vostok Games. Survarium Inc.  (signed and verified)

MD5:
6aea695deabd7ea6ad9a0ac6e0d15153

SHA-1:
e99ea21402b08832f755091ea1d392e3e9d8306e

SHA-256:
fd8546b79cbade1d4e843dbc4954c14ffbe22c5f7b73b6ae251fbb2b62499337

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/27/2024 7:35:46 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.Gen2
8.3.1.6

McAfee
Artemis!6AEA695DEABD
5600.6731

Trend Micro House Call
Suspicious_GEN.F47V0511
7.2.168

File size:
6.1 MB (6,414,456 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\028a2-028a3_hotfix.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
6/6/2014 2:05:36 PM

Valid to:
6/6/2015 2:05:36 PM

Subject:
E=yava@vostokgames.com, CN=survarium.com, O=Vostok Games. Survarium Inc., C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
289368D9A85AFCE83ED772A668980AB4

File PE Metadata
Compilation timestamp:
4/29/2015 1:13:30 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
196608:OCWSv7Bss3/uJ9z5bxkjceLNd8fXZvvyeW:YW

Entry address:
0x2395

Entry point:
E8, C4, 65, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, 79, 41, 00, E8, 05, 0A, 00, 00, E8, 95, 67, 00, 00, 0F, B7, F0, 6A, 02, E8, 57, 65, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 21, 14, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
5.9004

Code size:
69.5 KB (71,168 bytes)

The file 028a2-028a3_hotfix.exe has been seen being distributed by the following URL.

Scan 028a2-028a3_hotfix.exe - Powered by Reason Core Security