counter-strike global offensive.exe

The executable counter-strike global offensive.exe has been detected as malware by 9 anti-virus scanners. While running, it connects to the Internet address dev.ucoz.net on port 80 using the HTTP protocol.
MD5:
219c9cb02bf4cd60fdb0acc1b8b16649

SHA-1:
c617b49ec4d0eeaf07fcc2f6b41e2635c7d8a9dd

SHA-256:
212c113ce518730394441a3a309cc3b5ec7bc14a3e0ee26a9d25f72e0b15b3cb

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/5/2024 2:44:51 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.3058180
346

Arcabit
Trojan.Generic.D2EAA04
1.0.0.656

Bitdefender
Trojan.GenericKD.3058180
1.0.20.275

Emsisoft Anti-Malware
Trojan.GenericKD.3058180
8.16.02.24.09

F-Secure
Trojan.GenericKD.3058180
11.2016-24-02_4

G Data
Trojan.GenericKD.3058180
16.2.25

McAfee
Artemis!219C9CB02BF4
5600.6480

MicroWorld eScan
Trojan.GenericKD.3058180
17.0.0.165

nProtect
Trojan.GenericKD.3058180
16.02.22.01

File size:
1.3 MB (1,346,560 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\counter-strike global offensive\counter-strike global offensive.exe

File PE Metadata
Compilation timestamp:
9/20/2010 4:19:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:GDYoP1JgW1tQ2IXUFTBVx2S8lsdu1Hy+mWdyYoltCCiTl0nI8QJiCsnibY9fJs:GkUQIF2AaHTn8Q8Nni4

Entry address:
0xCDD08

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, 4C, BE, 4C, 00, E8, 65, 95, F3, FF, 33, C0, 55, 68, EA, DD, 4C, 00, 64, FF, 30, 64, 89, 20, 33, C0, 55, 68, BB, DD, 4C, 00, 64, FF, 30, 64, 89, 20, A1, 70, 50, 4D, 00, 8B, 00, E8, E1, A6, F9, FF, A1, 70, 50, 4D, 00, 8B, 00, BA, 04, DE, 4C, 00, E8, 88, A1, F9, FF, A1, 70, 50, 4D, 00, 8B, 00, BA, 04, DE, 4C, 00, E8, C7, B2, F9, FF, E8, 66, B2, FA, FF, 84, C0, 75, 43, E8, FD, AF, FA, FF, 83, 78, 08, 00, 74, 14, E8, F2, AF, FA, FF, 8B, 50, 08, A1, 70, 50, 4D, 00, 8B, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
817 KB (836,608 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to dev.ucoz.net  (193.109.246.54:80)

TCP (HTTP):
Connects to Host-46-174-53-234.rs-media.ru  (46.174.53.234:80)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (213.180.193.119:443)

TCP (HTTP):
Connects to ip-172-26-136-19.ec2.internal  (172.26.136.19:80)

Remove counter-strike global offensive.exe - Powered by Reason Core Security