» 12928.exe
Overview
Analysis
File Details

12928.exe

The Witcher 3

Acunetix Ltd.

The executable 12928.exe has been detected as malware by 10 anti-virus scanners.

File name:

12928.exe

Publisher:

CD Projekt Red (signed by Acunetix Ltd.)

Product:

The Witcher 3

Version:

3.0.0

MD5:

e4cdb86219164053a5e279ac7daecaf8

SHA-1:

cd29013ab9c902c84980932c6ec21abb59f65835

SHA-256:

3f66484b0734514041710cd24913a36eb917060eae9788fb0c04d0185c43f48e

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

11/16/2024 3:59:17 AM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Troj.Dropper.W32.Injector.lBZu

2.1.4+

AhnLab V3 Security

Trojan/Win32.Agent

2016.05.03

avast!

Win32:Malware-gen

2014.9-160531

AVG

MSIL10

2017.0.2727

Dr.Web

Trojan.PWS.Multi.911

9.0.1.0152

ESET NOD32

MSIL/Injector.PAP (variant)

10.13426

Fortinet FortiGate

MSIL/Injector.PAP!tr

5/31/2016

F-Prot

W32/MSIL_Injector.CE.gen

v6.4.7.1.166

Qihoo 360 Security

HEUR/QVM03.0.0000.Malware.Gen

1.0.0.1120

Quick Heal

TrojanPWS.ZBot

5.16.14.00

File size:

340.7 KB (348,904 bytes)

Product version:

3.0.0

Original file name:

sdfsdfsdf.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\12928.exe

Digital Signature

Signed by:

Acunetix Ltd.

Authority:

Thawte, Inc.

Valid from:

6/26/2014 2:00:00 AM

Valid to:

6/26/2016 1:59:59 AM

Subject:

CN=Acunetix Ltd., OU=Acunetix Development Department, O=Acunetix Ltd., L=Ta' Xbiex, S=Malta, C=MT

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

500BD1BC380359C65E4FB982FD87B14F

File PE Metadata

Compilation timestamp:

5/2/2016 5:13:48 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:e+aYSmXLFcPZdx/owPN4JB4xUPc+iSBwivUaxoriCejXxu3Jnp6rRH+rO:nXBsPxAwPIgUSSBwiSJeA3JnCH+y

Entry address:

0x54DAE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 48, 00, 00, 80, 10, 00, 00, 00, 60, 00, 00, 80, 18, 00, 00, 00, 78, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

331.5 KB (339,456 bytes)

Remove 12928.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.