cstrike killer.exe

The executable cstrike killer.exe has been detected as malware by 23 anti-virus scanners. It is a setup program used to install the application. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘0cea29bd974d4b22e0e15bca6f570bd0’. The file has been seen being downloaded from dc414.2shared.com.
MD5:
c68177487230ec0b679368f49becadbf

SHA-1:
01b955f8e9625d2b7d0b05e8791f1e797d1e8fea

SHA-256:
1937d60d54e3512f5d51ef648a3c7ab9b5330b1c761ef139f1611258f732f7a7

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
12/26/2024 5:18:10 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.Zapchast | 2013.03.13 |
| Avira AntiVirus | TR/Spy.Gen8 | 7.11.64.190 |
| avast! | MSIL:Spyware-D [Spy] | 2014.9-160208 |
| AVG | PSW.ILSpy | 2017.0.2839 |
| Bitdefender | Gen:Variant.Barys.7952 | 1.0.20.195 |
| Comodo Security | UnclassifiedMalware | 15554 |
| Dr.Web | Trojan.DownLoader7.34199 | 9.0.1.039 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.99620 | 8.16.02.08.09 |
| ESET NOD32 | MSIL/Bladabindi (variant) | 10.8110 |
| Fortinet FortiGate | W32/Zapchast.UZK!tr | 2/8/2016 |
| F-Secure | Gen:Variant.Barys.7952 | 11.2016-08-02_2 |
| G Data | Gen:Variant.Barys.7952 | 16.2.22 |
| IKARUS anti.virus | Trojan.Msil | t3scan.2.0.0.0 |
| Kaspersky | Trojan.MSIL.Zapchast | 14.0.0.691 |
| McAfee | Artemis!C68177487230 | 5600.6495 |
| Microsoft Security Essentials | Trojan:MSIL/Bladabindi.B | 1.163.1557.0 |
| MicroWorld eScan | Gen:Variant.Barys.7952 | 17.0.0.117 |
| Norman | Bladabindi.E | 11.20160208 |
| Panda Antivirus | Trj/CI.A | 16.02.08.09 |
| Sophos | Mal/Generic-S | 4.86 |
| Trend Micro House Call | TROJ_GEN.R47CDC9 | 7.2.39 |
| Trend Micro | TROJ_GEN.R47CDC9 | 10.465.08 |
| VIPRE Antivirus | Trojan.Win32.Generic | 16016 |

File size:
49.5 KB (50,688 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\cstrike killer.exe

File PE Metadata
Compilation timestamp:
2/2/2013 3:26:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:rXZLpA8eXodqkFL5urTn2E5U251tlHe2Hxva9g1ag56rK19jfITJxu9AYj1duDUD:7ovSYHn26zhfjjuDU59XEJ

Entry address:
0xDCDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
42.5 KB (43,520 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
0cea29bd974d4b22e0e15bca6f570bd0

Command:
"C:\users\{user}\appdata\roaming\cstrike killer.exe"..


The file cstrike killer.exe has been seen being distributed by the following URL.
