flvplayer.exe

Tomb Raider: Anniversary

Eidos Inc.

The executable flvplayer.exe has been detected as malware by 30 anti-virus scanners. The file has been seen being downloaded from download1120.mediafire.com.
Publisher:
Eidos Inc.

Product:
Tomb Raider: Anniversary

Version:
1.0.9

MD5:
3a288f1235ca86c38d7f454f97a000e0

SHA-1:
e29fdd85e2de40789686112764d3023f3194a192

SHA-256:
6df5798d3a5d4fc9fedff588088acb49a625eb4d1df35af30dbc27852f3c119c

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
12/25/2024 1:22:57 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1635856
216

AegisLab AV Signature
Troj.W32.Gen
2.1.4+

Agnitum Outpost
Trojan.Blocker
7.1.1

AhnLab V3 Security
Spyware/Win32.ActualSpy
2014.07.12

Avira AntiVirus
TR/Changeling.A.2032
7.11.160.46

avast!
Win32:Dropper-gen [Drp]
2014.9-160702

AVG
MSIL3
2017.0.2694

Baidu Antivirus
Trojan.Win32.ZBot
4.0.3.1672

Bitdefender
Trojan.GenericKD.1635856
1.0.20.920

Comodo Security
UnclassifiedMalware
18844

Dr.Web
Trojan.Inject1.41622
9.0.1.0184

Emsisoft Anti-Malware
Trojan.GenericKD.1635856
8.16.07.02.12

Fortinet FortiGate
W32/Blocker.EGHT!tr
7/2/2016

F-Secure
Trojan.GenericKD.1635856
11.2016-02-07_7

G Data
Trojan.GenericKD.1635856
16.7.24

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.180.12701

Kaspersky
Trojan-Ransom.Win32.Blocker
14.0.0.-33

McAfee
RDN/Ransom!ee
5600.6350

MicroWorld eScan
Trojan.GenericKD.1635856
17.0.0.552

NANO AntiVirus
Trojan.Win32.Blocker.cwsspy
0.28.0.60698

Norman
Troj_Generic.TPHME
11.20160702

nProtect
Trojan.GenericKD.1635856
14.07.11.01

Panda Antivirus
Generic Malware
16.07.02.12

Qihoo 360 Security
HEUR/Malware.QVM03.Gen
1.0.0.1015

Quick Heal
TrojanRansom.Blocker.r3
7.16.14.00

Trend Micro House Call
TROJ_GEN.R0CBC0FDR14
7.2.184

Trend Micro
TROJ_GEN.R0CBC0FDR14
10.465.02

VIPRE Antivirus
Trojan.Win32.Generic
31178

Zillya! Antivirus
Trojan.Blocker.Win32.16692
2.0.0.1855

File size:
293.5 KB (300,544 bytes)

Product version:
1.0.9

Copyright:
Copyright (C) 2007 Eidos Inc.

Trademarks:
Crystal Dynamics(R), the Crystal Dynamics(R) logo and the Eidos(R) logo are registered trademarks of the Eidos Group of Companies

Original file name:
47.exe

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
4/7/2014 8:52:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:86g8v4dbtYzMKHBqHjPicIJd7XqP7XL49Y5ggogXjvrZzouncvh9GMlXxSti:BGF0BqDPicIJ1KXL+Yevh9GMlXEti

Entry address:
0x1B0FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.2649

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
100.5 KB (102,912 bytes)

The file flvplayer.exe has been seen being distributed by the following URL.

Remove flvplayer.exe - Powered by Reason Core Security