fifa_99_tig.exe

7-Zip

Igor Pavlov

The executable fifa_99_tig.exe has been detected as malware by 10 anti-virus scanners. The program is a setup application that uses the 7z Setup installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from s6680.chomikuj.pl and multiple other hosts.
Publisher:
Igor Pavlov

Product:
7-Zip

Description:
7z SFX

Version:
4.52 beta

MD5:
c1987eea085e2acafd088bf547c90e85

SHA-1:
1a742ca37387d29d31c1177795cb6369328e66c9

SHA-256:
e5cdad573ca51360b1c262c4ecf4f8b21cc111c67f41682462dd693b458be018

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/17/2024 12:56:55 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Gendal.dx.272
7.11.201.144

Comodo Security
UnclassifiedMalware
20725

IKARUS anti.virus
Downloader.QuickBatch
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.191.14658

McAfee
Artemis!C1987EEA085E
5600.6541

Norman
Suspicious_Gen5.BQGQ
11.20151225

Qihoo 360 Security
Win32/Trojan.4eb
1.0.0.1015

Rising Antivirus
PE:Dropper.Win32.KillAV.b!1075000294
23.00.65.151223

Trend Micro House Call
Suspicious_GEN.F47V1222
7.2.359

Vba32 AntiVirus
TrojanDropper.QuickBatch
3.12.26.3

File size:
24.6 MB (25,760,813 bytes)

Product version:
4.52 beta

Copyright:
Copyright (c) 1999-2007 Igor Pavlov

Original file name:
7z.sfx.exe

File type:
Executable application (Win32 EXE)

Installer:
7z Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\fifa\fifa_99_tig.exe

File PE Metadata
Compilation timestamp:
8/3/2007 1:03:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:R79E/f8MklyEsaaYk4C474ErUxu4E8BPxu8W:R79EXeAXWsErjX8+

Entry address:
0x17586

Entry point:
55, 8B, EC, 6A, FF, 68, A8, AD, 41, 00, 68, 80, 75, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, F0, A0, 41, 00, 59, 83, 0D, A4, 4C, 42, 00, FF, 83, 0D, A8, 4C, 42, 00, FF, FF, 15, F4, A0, 41, 00, 8B, 0D, 88, 0B, 42, 00, 89, 08, FF, 15, F8, A0, 41, 00, 8B, 0D, 84, 0B, 42, 00, 89, 08, A1, FC, A0, 41, 00, 8B, 00, A3, A0, 4C, 42, 00, E8, 1C, 01, 00, 00, 39, 1D, 80, 09, 42, 00, 75, 0C, 68, 0E, 77, 41, 00, FF, 15, 00, A1...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
98.5 KB (100,864 bytes)

The file fifa_99_tig.exe has been seen being distributed by the following 2 URLs.

http://s6680.chomikuj.pl/File.aspx?e=D9i7289G2dUQhGH_6LvN0l88wLACuBeI7zka8YGx1G9BluI6R6H-4KxHOSNRQbAAtrsYIm8fctTyJy82kCbOagqSpvdxFUYkXN8a0HE24SRbIfRNLQ4uPGudfWGslM1RSGKCAg8wpYaImitfBTFKuQ&pv=2

Remove fifa_99_tig.exe - Powered by Reason Core Security