224_sa-mp-0.3d-r2-i.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from serv33.f2h.co.il and multiple other hosts.
MD5:
dc9982d2f8acad6d91891295431147e3

SHA-1:
850259c710a86e05db3aea57949ee4d361c616d4

SHA-256:
ffe1b66dab76ff300c8563451106b130054e01671cefdebe709ad8dc0d3a319a

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/5/2024 9:41:03 AM UTC

Scan engine | Detection | Engine version
IKARUS anti.virus | Trojan.Win32.Spy | t3scan.1.6.1.0
McAfee | Artemis!DC9982D2F8AC | 5600.7159
Vba32 AntiVirus | Worm.NetSky | 3.12.26.0

File size:
10.6 MB (11,074,137 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\224_sa-mp-0.3d-r2-i.exe

File PE Metadata
Compilation timestamp:
12/6/2009 2:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:RQbvIr0CLN9BjSwRB+MzrbPnNvmkQOT8MqgW/k5W4VF0k3WpXuV5uwDm68vC2wrA:uCLNnvb7mO4Mc2kMWpXuD268fwciq

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file 224_sa-mp-0.3d-r2-i.exe has been discovered within the following program.

GTA San Andreas  by Rockstar Games Inc.
Grand Theft Auto: San Andreas is an open world action-adventure video game.
www.rockstargames.com

The file 224_sa-mp-0.3d-r2-i.exe has been seen being distributed by the following 19 URLs.

