home

aoe3-114-english.exe

The program is a setup application that uses the WinZip SFX installer. The file has been seen being downloaded from aom.zone.com.
MD5:
bac2c839e4bd2a81dba494f1fc93bbf1

SHA-1:
8a0c393d4d0d5e23aec0b13961f2034f81911beb

SHA-256:
d46a2220e8387f1f7872d3fffd870ec696e208e51d4212df24da65cadd8721b2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 3:38:35 PM UTC  (today)

File size:
16.2 MB (16,992,576 bytes)

File type:
Executable application (Win32 EXE)

Installer:
WinZip SFX

Common path:
C:\users\{user}\downloads\aoe3-114-english.exe

File PE Metadata
Compilation timestamp:
1/9/2001 7:38:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.10

CTPH (ssdeep):
393216:DP3qTb0WxVxpnjRP1gn/I5mHIYfDceoF3Xtah7EpqQKHBGgQ:DPqJxpXgnFHIAceo592gUQCgb

Entry address:
0x39D8

Entry point:
88, E0, F7, C5, 04, 44, BC, 0F, 81, FB, 90, 3C, 00, 00, 78, 06, 87, C5, 85, FF, 02, E9, 18, FB, F2, 0F, B7, C0, 8D, 35, AB, 90, AE, 08, 3B, D0, B6, 20, 69, D0, 4B, BA, 5C, C5, 88, C0, C7, C5, 19, 96, 95, DF, F2, 89, E9, 2A, E9, B3, 10, E8, 50, 00, 00, 00, 33, C9, 8A, C7, C7, C6, A6, 19, E2, 4C, EB, 0B, 0F, BF, EE, 8D, 35, 9A, EC, 2F, 46, 8A, C7, 69, DF, 70, D0, B5, C4, 48, 81, C1, 1E, 9C, F7, FF, 87, EA, 81, C1, E3, 63, 08, 00, 25, 72, 8B, 5E, 3F, 69, ED, 12, B8, 41, 7B, 8D, 3D, 7C, 29, CA, 7D, F3, 8B, EB...
 
[+]

Entropy:
7.9986  (probably packed)

Code size:
18.5 KB (18,944 bytes)

The file aoe3-114-english.exe has been seen being distributed by the following URL.

http://aom.zone.com/MGS/ES/loc/patch114/.../aoe3-114-english.exe

Scan aoe3-114-english.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.