bloodstrike.exe

XCloudGame

Beijing AmazGame Age Internet Technology Co., Ltd.

The application bloodstrike.exe, "XCloudGame Module" by Beijing AmazGame Age Internet Technology Co., has been detected as a potentially unwanted program by 2 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from download805.mediafire.com and multiple other hosts. While running, it connects to the Internet address 254-161-111-65.serverpronto.com on port 80 using the HTTP protocol.
Publisher:
XCloudgame.com  (signed by Beijing AmazGame Age Internet Technology Co., Ltd.)

Product:
XCloudGame

Description:
XCloudGame Module

Version:
1, 0, 0, 1

MD5:
1b931e748b01e8a4a1a90245054a3e2e

SHA-1:
c50b5c9325f63d648374453726284c25453c8a0e

SHA-256:
56238da5fc2ea97cb662fb14a04258c071a2c9a535c418241fbd88198a72c4c1

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:07:52 AM UTC  (today)

Scan engine          Detection                               Engine version
ESET NOD32           Win32/Adware.Mobogenie.A application    6.3.12010.0
Reason Heuristics    PUP.Optional.BeijingA                   16.12.22.16

File size:
1.3 MB (1,377,960 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2014

Original file name:
XCloudGame.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bloodstrike.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/15/2012 9:00:00 PM

Valid to:
6/15/2015 8:59:59 PM

Subject:
CN="Beijing AmazGame Age Internet Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing AmazGame Age Internet Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22CF7DA7B76FC5C4E77225CFA1BDA497

File PE Metadata
Compilation timestamp:
9/19/2014 3:09:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:PUPtZdrlwWa+MMymntxH6MWWot4wWJdSEErNuKD8NuohJWBW2aoiysO:Ghrlpa+su6Ww4w6dSPNuKD8NuohJWBWo

Entry address:
0x73146

Entry point:
E8, 8E, E8, 00, 00, E9, 89, FE, FF, FF, 83, 3D, B8, D5, 4B, 00, 00, 0F, 84, 40, E9, 00, 00, 83, EC, 08, 0F, AE, 5C, 24, 04, 8B, 44, 24, 04, 25, 80, 7F, 00, 00, 3D, 80, 1F, 00, 00, 75, 0F, D9, 3C, 24, 66, 8B, 04, 24, 66, 83, E0, 7F, 66, 83, F8, 7F, 8D, 64, 24, 08, 0F, 85, 0F, E9, 00, 00, EB, 00, F3, 0F, 7E, 44, 24, 04, 66, 0F, 28, 15, 70, CA, 4A, 00, 66, 0F, 28, D8, 66, 0F, 28, C8, 66, 0F, 28, E0, 66, 0F, 28, F0, 66, 0F, 73, F0, 01, 66, 0F, 73, D0, 35, 66, 0F, 73, D3, 34, 66, 0F, 54, 25, 80, CA, 4A, 00, 66...

Code size:
639 KB (654,336 bytes)

The file bloodstrike.exe has been seen being distributed by the following 28 URLs.

The executing file has been seen to make the following network communications in live environments.
