fifa_14.exe

Setup

The executable fifa_14.exe has been detected as malware by 19 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from 7games7.com and multiple other hosts.
Product:
Setup

Version:
0.0.8.1

MD5:
98d96fc96ad483b9cc81f5f9aab7fa20

SHA-1:
056749cdd95520acc8fb40d8273348d01148a8b7

SHA-256:
bc3bc60fd133da00bea1cd1639197508b501cdf72ed739934a0668eb1fc50d86

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
12/25/2024 1:32:21 AM UTC

Scan engine             Detection                 Engine version
Lavasoft Ad-Aware       Gen:Variant.Kazy.344532   248
AVG                     MSIL4                     2017.0.2726
Baidu Antivirus         Trojan.MSIL.Surveyer      4.0.3.1661
Bitdefender             Gen:Variant.Kazy.344532   1.0.20.765
Comodo Security         UnclassifiedMalware       19544
Emsisoft Anti-Malware   Gen:Variant.Kazy.344532   8.16.06.01.12
ESET NOD32              MSIL/Surveyer (variant)   10.10433
Fortinet FortiGate      MSIL/Surveyer.V!tr        6/1/2016
F-Secure                Gen:Variant.Kazy.344532   11.2016-01-06_4
G Data                  Gen:Variant.Kazy.344532   16.6.24
IKARUS anti.virus       Win32.SuspectCrc          t3scan.1.7.8.0
K7 AntiVirus            Trojan                    13.183.13407
McAfee                  Artemis!98D96FC96AD4      5600.6382
MicroWorld eScan        Gen:Variant.Kazy.344532   17.0.0.459
Norman                  Suspicious_Gen4.GVMAB     11.20160601
Qihoo 360 Security      Win32/Trojan.cd0          1.0.0.1015
Sophos                  Mal/Generic-S             4.98
Trend Micro House Call  TROJ_GEN.R0CBB01GK14      7.2.153
VIPRE Antivirus         Win32.Malware!Drop        33204

File size:
2.1 MB (2,190,336 bytes)

Product version:
0.0.8.1

Copyright:
Copyright © 2013

Original file name:
FIFA 14.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\fifa_14.exe

File PE Metadata
Compilation timestamp:
4/11/2014 10:47:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:KBjtCjx/yQJRWGg8dAx4zHFTgYEjx/yQJRWGg8dAx4zHFT:KMlXnndLHhclXnndLHh

Entry address:
0x20C36E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy:
7.4441

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2 MB (2,139,136 bytes)

The file fifa_14.exe has been seen being distributed by the following 2 URLs.

http://7games7.com/FIFA_14.exe
