home

Couatl.exe

Couatl Scripting Engine for FSX/ESP

VIRTUALI Sagl

This is a setup program which is used to install the application. The file has been seen being downloaded from www.fsdreamteam.com.
Publisher:
Gamecentric  (signed by VIRTUALI Sagl)

Product:
Couatl™ Scripting Engine for FSX/ESP

Version:
3.1.0.3467

MD5:
aeffb7189d314bbc01c03560d44f6b6c

SHA-1:
a3fe081e2a45434f86e1cbd7863d08a7406f1c24

SHA-256:
725c8c5dbed528797ad2d9b17252bc7c97f1ea047f6075a25d4be4af84d90be5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 10:28:08 AM UTC  (today)

File size:
7.7 MB (8,112,416 bytes)

Product version:
3.1.0.0

Copyright:
Copyright © 2015 Gamecentric

Original file name:
Couatl.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\couatl.exe

Digital Signature
Signed by:
VIRTUALI Sagl

Authority:
COMODO CA Limited

Valid from:
3/19/2016 6:00:00 PM

Valid to:
11/15/2016 5:59:59 PM

Subject:
CN=VIRTUALI Sagl, OU=VIRTUALI Sagl, O=VIRTUALI Sagl, STREET=Via al Pero 28f, L=Genestrerio, S=Genestrerio, PostalCode=6852, C=CH

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BEAA606EEC2BB1EC3AF0033F4DF7C383

File PE Metadata
Compilation timestamp:
5/31/2016 11:41:08 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
196608:NOgIax7gc1T+DfYWHvlrt6y2GwKoQLIJSlXTvM7ece8UjTzeGp+vc3luJ8dz7mXe:kex7gc4DAWPlrt6y2GwKoQLIJSlXTvM+

Entry address:
0xF8A2C4

Entry point:
EB, 08, 00, DC, 4B, 00, 00, 00, 00, 00, 60, E8, 00, 00, 00, 00, 5D, 81, ED, 10, 00, 00, 00, 81, ED, C4, A2, F8, 00, E9, 04, 00, 00, 00, 8F, B6, B7, 3A, B8, C4, A2, F8, 00, 03, C5, 81, C0, 4C, 00, 00, 00, B9, 86, 05, 00, 00, BA, 15, D8, 4F, BF, 30, 10, 40, 49, 0F, 85, F6, FF, FF, FF, E9, 04, 00, 00, 00, C5, C5, 2D, 01, 9E, D8, 9E, 9C, 29, 15, 15, 15, 94, D4, ED, 15, 15, 15, 16, D8, AD, 13, 15, 15, 15, AF, 3D, 15, 15, 15, E2, F7, 16, DD, 9E, 94, 19, 15, 15, 15, 16, D0, 45, 45, 7D, DD, BF, 38, 15, 7D, EC, E2...
 
[+]

Entropy:
7.9915  (probably packed)

Code size:
1.8 MB (1,871,360 bytes)

The file Couatl.exe has been seen being distributed by the following URL.

http://www.fsdreamteam.com/download/setup/.../Couatl.exe

Scan Couatl.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.