empire total war trainer.exe

Empire Total War Trainer

CheatHappens

The executable empire total war trainer.exe has been detected as malware by 18 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from s6039.chomikuj.pl and multiple other hosts.
Publisher: CheatHappens
Product: Empire Total War Trainer
Version: 1.0006
MD5: 2ebaa45cd8a8a9a86b87e1a39f5ce909
SHA-1: 060cbc86d0546527d836673932f7d1a73d253d4c
SHA-256: ac604d3c5cde9b841925cdd747bea1dbb7db54d9ca0c1a4101d402caa87e7131
Scanner detections: 18 / 68
Status: Malware
Analysis date: 11/5/2024 6:30:22 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.6483035 | 909
Agnitum Outpost | Trojan.Buzus | 7.1.1
AVG | Generic21 | 2015.0.3387
Bitdefender | Trojan.Generic.6483035 | 1.0.20.1105
Bkav FE | W32.Clod892.Trojan | 1.3.0.4959
Comodo Security | TrojWare.Win32.Buzus.tony | 18833
ESET NOD32 | Win32/GameHack (variant) | 8.10076
Fortinet FortiGate | W32/Malware_fam.NB | 8/9/2014
F-Prot | W32/GameHack.E4.gen | v6.4.7.1.166
F-Secure | Trojan.Generic.6483035 | 11.2014-09-08_7
G Data | Trojan.Generic.6483035 | 14.8.24
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0
McAfee | Artemis!2EBAA45CD8A8 | 5600.7043
MicroWorld eScan | Trojan.Generic.6483035 | 15.0.0.663
NANO AntiVirus | Trojan.Win32.Buzus.djobz | 0.28.0.60698
Norman | CheatEngine.AB | 11.20140809
VIPRE Antivirus | Trojan.Win32.GameHack.f | 31154
Zillya! Antivirus | Trojan.Buzus.Win32.63115 | 2.0.0.1855

File size: 1.3 MB (1,367,552 bytes)
Product version: 13464
File type: Executable application (Win32 EXE)
Language: Turkish (Turkey)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\empire total war trainer.exe

File PE Metadata
Compilation timestamp: 3/9/2009 10:59:55 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.50
CTPH (ssdeep): 24576:Tnv6PugmVb7yFO/qi/NXNfGCjSLmwsNPd3RgTJBV1Ls2wBPU:WufyFO/jNd+CjS7sNlKTJBV1Ls2wB
Entry address: 0x1000
Entry point: 68, C4, 02, 00, 00, 68, 00, 00, 00, 00, 68, 2C, DE, 53, 00, E8, 9C, 80, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, 95, 80, 00, 00, A3, 30, DE, 53, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, 82, 80, 00, 00, A3, 2C, DE, 53, 00, E8, 6C, CB, 00, 00, E8, F2, CA, 00, 00, E8, F2, C1, 00, 00, E8, 75, AF, 00, 00, E8, 2A, A7, 00, 00, E8, FD, A5, 00, 00, E8, 3D, A0, 00, 00, E8, 1E, 9A, 00, 00, E8, 84, 98, 00, 00, E8, EF, 92, 00, 00, E8, AE, 91, 00, 00, E8, 6D, 85, 00, 00, E8, 60, 9F, 00, 00...
 
Packer / compiler: PKLITE32, 0x1.1
Code size: 79.5 KB (81,408 bytes)

The file empire total war trainer.exe has been seen being distributed by the following 2 URLs.
