home

aegis.exe

Neowiz CORPORATION

This is a setup program which is used to install the application. The file has been seen being downloaded from download1755.mediafire.com and multiple other hosts.
Publisher:
Neowiz CORPORATION  (signed and verified)

MD5:
febc69aefe1042a568f25cb05abffd09

SHA-1:
33092eb3bd1e1e906ba7c74f0a52bac18dfe129b

SHA-256:
f7b67b5d5ac80f917cae082ae2cf86b50c922ff4f7a9934333e3cf0dce63df3c

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/27/2024 8:25:43 PM UTC  (today)

Scan engine
Detection
Engine version

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
23.00.65.14122

File size:
661.8 KB (677,704 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\z8games\crossfire\aegis.exe

Digital Signature
Signed by:
Neowiz CORPORATION

Authority:
VeriSign, Inc.

Valid from:
10/20/2010 5:00:00 PM

Valid to:
11/20/2011 3:59:59 PM

Subject:
CN=Neowiz CORPORATION, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Neowiz CORPORATION, L=Gangnam, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
75CB09CA786F6E86DDA3503B312D58E2

File PE Metadata
Compilation timestamp:
10/26/2010 10:42:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:/MF9eQPHBktEz7U6aRPPReHm37TTdxJbMBeN3/zW85iVxxb+9d:c9ecqaz7V2ZUAN/bVPzd5iPxId

Entry address:
0xAFD3

Entry point:
52, BA, 64, 00, 00, 00, EB, 1B, B9, 00, 10, 00, 00, EB, 05, 03, C1, 03, C3, 49, 0B, C9, 75, F7, 52, 54, 54, FF, 15, 40, E0, 41, 00, 5A, 4A, 0B, D2, 75, E1, 5A, E9, 00, C0, 15, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 07, 00, 03, 00, 00, 00, 48, 00, 00, 80, 04, 00, 00, 00, A0, 00, 00, 80, 05, 00, 00, 00, B8, 00, 00, 80, 06, 00, 00, 00, D0, 00, 00, 80, 09, 00, 00, 00, E8, 00, 00, 80, 0E, 00, 00, 00, 00, 01, 00, 80, 18, 00, 00, 00, 20, 01, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00...
 
[+]

Entropy:
7.7701  (probably packed)

Code size:
56 KB (57,344 bytes)

The file aegis.exe has been discovered within the following programs.

CF_Full_1121  by VTCGame
cf.vtc.vn
About 4% of users remove it
CF_setup_120705 version 1060  by GameClub
cf.gameclub.com
About 5% of users remove it
Cross Fire  by Mail.Ru
CrossFire is a first-person shooter that features two Mercenary corporations fighting each other in an epic global conflict.
cfire.mail.ru
20% remove it
Cross Fire En  by Z8Games.com
Publisher's description - “Cross Fire is a free online first-person shooter featuring persistent rankings and five game modes – including the exclusive stealth-action Ghost Mode.”
www.z8games.com
24% remove it
Crossfire Europe  by SG Interactive
www.crossfire-eu.com
About 7% of users remove it
Crossfire PH version 1079  by GameClub
cf.ph.gameclub.com/main/cfmain.asp
About 5% of users remove it
CrossFire(Remove only)  by GameClub
51% remove it
S4 League Indonesia versi OBT  by LYTOGAME.com
s4.lytogame.com
About 9% of users remove it
 
Powered by Should I Remove It?

The file aegis.exe has been seen being distributed by the following 3 URLs.

http://download1755.mediafire.com/fbmddfppw8wg/.../Aegis.exe

temp:Aegis.exe

http://dc169.4shared.com/download/.../aegis.exe

Scan aegis.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.