» Draughts.exe
Overview
Analysis
File Details

Draughts.exe

BIZNES KONNEKT, OOO

The application Draughts.exe by BIZNES KONNEKT, OOO has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

Draughts.exe

Publisher:

Draughts (signed by BIZNES KONNEKT, OOO)

Product:

Draughts

Version:

2.0.0.1

MD5:

a4ec88d9542c84f9cc96a52939d3402f

SHA-1:

502a2a0d2a556a0259fb7f5998bd48ec3c65be23

SHA-256:

513578add17b2ae853aea6144b8d30fdd805768206e6bae923cf5c164c8c0a5b

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 9:43:52 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.PUP.HomePageDef (M)

16.9.27.3

File size:

1.6 MB (1,720,320 bytes)

Product version:

2.0.0.1

Original file name:

Draughts.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\checkers\draughts\draughts.exe

Digital Signature

Signed by:

BIZNES KONNEKT, OOO

Authority:

COMODO CA Limited

Valid from:

5/17/2016 2:00:00 AM

Valid to:

5/18/2017 1:59:59 AM

Subject:

CN="BIZNES KONNEKT, OOO", O="BIZNES KONNEKT, OOO", STREET="Aviamotornaya street, 7", L=Moscow, S=Moscow, PostalCode=125438, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

65E5775EABE2EE9ECC613DBE3E631A7E

File PE Metadata

Compilation timestamp:

6/2/2016 12:15:20 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

1.71

CTPH (ssdeep):

12288:lClQDkwTh0hh7u/EJLAJvpXO5jh25QQPgV6OYG:lClQ3Tyhlu/EJUJFiMJYV6O

Entry address:

0x2270

Entry point:

EB, 00, 60, 9C, E8, DF, F5, FF, FF, 83, F8, 00, 75, 14, E8, BD, F9, FF, FF, 83, F8, 00, 75, 0A, 9D, 61, FF, 25, 1F, 40, 40, 00, EB, 04, 9D, 61, EB, 00, 68, 00, 00, 00, 00, FF, 15, EC, 51, 40, 00, 55, 89, E5, 8B, 45, 08, 3B, 45, 10, 75, 0C, B8, 00, 00, 00, 00, C9, C2, 14, 00, 90, 90, 90, B8, 07, 00, 00, 00, C9, C2, 14, 00, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 04, EB, 00, 83, 3D, 23, 40, 40, 00, 00, 0F, 84, AB, 00, 00, 00, A1, 23, 40, 40, 00, 8B, 40, 08, 00, E0, 02, 80, 0C, 40, 00, 00, A2, 30, 40... 
[+]

Code size:

11.5 KB (11,776 bytes)

Remove Draughts.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.