{blocked}.exe

FezzBypass

The executable {blocked}.exe has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download654.mediafire.com.
Product:
FezzBypass

Version:
1.0.0.0

MD5:
dd404449abd58b3e4d7b62b0b69aa224

SHA-1:
c29b65b5b75e08a7878fdd64447558cdb295b670

SHA-256:
fc28af118286675e85bc97585d6e1663456fc7f76bb08b786b8b2fbe951ef602

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/27/2024 5:37:04 AM UTC

Scan engine        Detection                                      Engine version
AVG                Win32/Blacked                                  2017.0.2682
Baidu Antivirus    Hacktool.MSIL.GameHack                         4.0.3.16715
Bkav FE            HW32.Packed                                    1.3.0.7383
ESET NOD32         MSIL/GameHack.GQ potentially unsafe (variant)  10.12656
McAfee             Artemis!DD404449ABD5                           5600.6338
Sophos             Generic PUA MC (PUA)                           4.98
VIPRE Antivirus    Trojan.Win32.Generic                           45554

File size:
741 KB (758,784 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
FezzBypass.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\fezzbypass-multiclient.exe

File PE Metadata
Compilation timestamp:
11/6/2015 4:07:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:0+ZYOxXnvLavpVOXXRu4RVM6AGMpxtExs8Cf1ruSQ65MnC/U/2:0+j1v+XEXRu2AGMztExir06E

Entry address:
0x2593

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, E9, 11, 43, 00, 0A, 2F, 61, 7B, 9C, B1, E8, AE, 56, 77, 67, 6B, 28, 75, D7, F4, 59, 9F, 71, BE, 5A, 0D, E6, 13, FF, 65, D7, DE, 7C, 2C, AF, 55, E8, A6, 08, 89, 45, 47, 36, 2C, A1, 57, 27, 83, 97, 62, 3A, 72, 14, 7F, DF, C3, 92, 75, FC, 92, B4, B7, F5, 83, DF, D7, D2, 0C, 41, 5F, 09, AA, AA, D5, B6, EB, 46, 66, 0D, 0C, AA, 7D, 1D, 80, BD, A7, DD, B5, FB, BB, C0, 9F, A3, 5E, D2, 2F, 74, F9, DC, 00, 52, C4, 4D, 46...
Entropy:
7.9734

Developed / compiled with:
Microsoft Visual C++

Code size:
61.5 KB (62,976 bytes)

The file {blocked}.exe has been seen being distributed by the following URL.
