home

emulator.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from 37823821567170.akvariumchik.ru and multiple other hosts.
MD5:
d81c7c4b503bf563b6e83f5f69648b7b

SHA-1:
c3d80befe75a1e6566def792e2b5162a42c201fc

SHA-256:
f89e3d45f9eaba273fc07e9d8a1ad93274ae6babddcf89c469bd836fe69b4bb6

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 9:47:48 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Razy.57260
260

Baidu Antivirus
Win32.Trojan.WisdomEyes.151026.9950
4.0.3.16519

Qihoo 360 Security
QVM20.1.Malware.Gen
1.0.0.1120

File size:
1 MB (1,060,077 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\programs\emulator.exe

File PE Metadata
OS version:
14.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
24576:eGMjutISjBf1eUwHJUjwWty2pAaTzKRJl3pJbFKg3ZDxB:eWtIStdZwpAwW0O/KHhp9FKSZFB

Entry address:
0x172A

Entry point:
55, 8B, EC, 6A, 90, 68, B0, 22, 40, 00, 68, 6A, 19, 40, 00, 64, A1, 00, 00, 00, 00, 60, 64, 89, 25, 90, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 00, 43, 40, 00, 59, 83, 0D, 0C, 3C, 40, 00, FF, 83, 90, 10, 3C, 40, 00, FF, FF, 90, C4, 43, 40, 00, 8B, 0D, 00, 3C, 40, 00, 89, 08, FF, 15, C0, 43, 40, 00, 8B, 0D, FC, 3B, 40, 00, 89, 08, A1, BC, 43, 40, 00, 8B, 00, A3, 08, 3C, 40, 00, E8, 7E, FD, FF, FF, 90, 1D, 20, 3B, 40, 00, 75, 0C, 68, 66, 19, 40, 00, FF, 15...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
4 KB (4,096 bytes)

The file emulator.exe has been seen being distributed by the following 4 URLs.

http://37823821567170.akvariumchik.ru/75232527460659/call-of-duty-world-at-war-error-english-patch-ff-informant/.../?load=1

https://fs06n4.sendspace.com/dl/6ec65ac8c25a914f89b7f12eac8f7a2e/573eb9121113dc70/.../cheat.exe

http://87274507799448.akvariumchik.ru/99013933436608/download-keygen-gta-v-untested/.../?load=1

http://88816071461055.akvariumchik.ru/93728719251207/corpse-party-the-anthology-english-patch-estimation/.../?load=1

Scan emulator.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.