[gcr]trainer pcheats gc reborn v6.0.exe

The executable [gcr]trainer pcheats gc reborn v6.0.exe, whose file description reads “PCheats Trainer GC BR”, is flagged as malware by 7 of the 68 anti-virus scanners consulted. The verdicts range from generic Trojan names to Malwarebytes' HackTool.Trainer.CH, which matches the file's presentation as a game-cheat trainer. While running, it connects to single-2500a.banahosting.com on port 80 over plain HTTP.
Description:
PCheats Trainer GC BR

Version:
1.0.0.0

MD5:
a0de336247ff1f87c773c3ef820df391

SHA-1:
0a5d18c2df776a108e73469176485fa6249a51aa

SHA-256:
d48fda120ba90c5945cef2dc213d9be1b9ca9424a80aa35f34cbe90130d47cb5

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
12/27/2024 7:11:19 AM UTC

Scan engine          Detection                              Engine version
IKARUS anti.virus    Trojan-Dropper.Delf                    0.1.3.4
K7 AntiVirus         Trojan                                 13.10.1.22471
Kaspersky            Trojan.Win32.Pasta                     14.0.0.-1197
Malwarebytes         HackTool.Trainer.CH                    v2017.02.20.11
McAfee               RDN/Generic.grp                        5600.6118
Qihoo 360 Security   HEUR/QVM41.1.0000.Malware.Gen          1.0.0.1120
Vba32 AntiVirus      suspected of Trojan.Downloader.gen.h   3.12.26.4

File size:
2.4 MB (2,498,560 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Spanish (Peru)

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM
(This is the fixed stamp 0x2A425E19, 1992-06-19 22:22:17 UTC, that the Borland Delphi linker writes into every image, rendered here with an 8-hour offset. It is not a real build date and must not be used for timeline analysis.)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x10A098

Entry point:
55, 8B, EC, 83, C4, F0, B8, A0, 9A, 50, 00, E8, 94, CA, EF, FF, A1, BC, FB, 50, 00, 8B, 00, E8, 58, 5E, F5, FF, A1, BC, FB, 50, 00, 8B, 00, BA, 18, A1, 50, 00, E8, 2F, 5A, F5, FF, 6A, 00, E8, 98, C6, F0, FF, 8B, 0D, 3C, FD, 50, 00, A1, BC, FB, 50, 00, 8B, 00, 8B, 15, 8C, 81, 50, 00, E8, 40, 5E, F5, FF, 8B, 0D, 9C, F8, 50, 00, A1, BC, FB, 50, 00, 8B, 00, 8B, 15, F8, 8E, 50, 00, E8, 28, 5E, F5, FF, A1, BC, FB, 50, 00, 8B, 00, E8, 9C, 5E, F5, FF, E8, 3F, A5, EF, FF, 00, 00, 00, FF, FF, FF, FF, 0F, 00, 00, 00...

Entropy:
6.7211

Developed / compiled with:
Microsoft Visual C++
(Treat this attribution as unreliable: the linker version 2.25, the fixed Delphi compilation timestamp and the IKARUS Trojan-Dropper.Delf verdict all point to Borland Delphi rather than Visual C++.)

Code size:
1 MB (1,085,952 bytes)
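The hashes, file size, entropy and PE header fields listed above are exactly the things an analyst re-derives locally before trusting a scan page. The script below is an added example, not code from this page or from Reason Core Security: it hashes a file and compares it with the SHA-256 published above, parses the COFF and PE32 optional headers to recover the compile timestamp, linker version, OS version, subsystem and entry point, maps the entry RVA through the section table to print the first entry bytes, computes Shannon entropy, and raises the two flags this sample deserves (the hard-coded Delphi timestamp 0x2A425E19 and linker 2.25). Because the sample itself is not distributed, build_sample_pe32() constructs a minimal PE32 carrying the entry bytes and timestamp from this page so that the parser can be exercised offline; that builder and its field values are constructed test input, not the real file.

```python
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Hashes listed on this page for the sample; a file under triage is only compared against them.
PAGE_HASHES = {
    "md5": "a0de336247ff1f87c773c3ef820df391",
    "sha1": "0a5d18c2df776a108e73469176485fa6249a51aa",
    "sha256": "d48fda120ba90c5945cef2dc213d9be1b9ca9424a80aa35f34cbe90130d47cb5",
}
# First 16 entry-point bytes listed on this page (a typical Delphi program prologue).
PAGE_ENTRY_BYTES = bytes.fromhex("558BEC83C4F0B8A09A5000E894CAEFFF")
# TimeDateStamp the Borland Delphi linker hard-codes into every image (1992-06-19 22:22:17 UTC).
DELPHI_FIXED_TIMESTAMP = 0x2A425E19


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes; packed code sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe32(data: bytes) -> dict:
    """Read the COFF and optional-header fields reported on this page, plus the entry-point bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, link_major, link_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    image_base, = struct.unpack_from("<I", data, opt + 28)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem, = struct.unpack_from("<H", data, opt + 68)
    # Walk the section table (40-byte entries after the optional header) to map the entry RVA to a file offset.
    entry_bytes = b""
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = entry_rva - vaddr + rawptr
            entry_bytes = data[off:off + 16]
            break
    return {
        "timestamp": timestamp,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "linker": f"{link_major}.{link_minor}",
        "size_of_code": size_of_code,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": {2: "Windows GUI", 3: "Windows CUI"}.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_va": image_base + entry_rva,
        "entry_bytes": entry_bytes.hex(" ").upper(),
    }


def triage(data: bytes) -> dict:
    """Hashes, size, entropy and PE fields, plus the flags an analyst should read off them."""
    info = {"size": len(data), "hashes": file_hashes(data), "entropy": round(shannon_entropy(data), 4)}
    info["matches_page"] = info["hashes"]["sha256"] == PAGE_HASHES["sha256"]
    info["pe"] = parse_pe32(data)
    flags = []
    if info["pe"]["timestamp"] == DELPHI_FIXED_TIMESTAMP:
        flags.append("fixed Delphi linker timestamp, not a real build date")
    if info["pe"]["linker"] == "2.25":
        flags.append("linker 2.25 is Borland/Delphi, not Visual C++")
    if info["entropy"] > 7.0:
        flags.append("high entropy, probably packed or encrypted")
    info["flags"] = flags
    return info


def build_sample_pe32(entry_code: bytes, timestamp: int, linker=(2, 25)) -> bytes:
    """Constructed minimal PE32 (one .text section) so the parser runs offline; not the real sample."""
    file_align, sect_align, image_base = 0x200, 0x1000, 0x400000
    dos = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 0x40)                                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x0102)  # i386, 1 section, EXE|32BIT
    opt = bytearray(0xE0)
    struct.pack_into("<HBBI", opt, 0, 0x10B, linker[0], linker[1], file_align)
    struct.pack_into("<III", opt, 16, sect_align, sect_align, 0)              # entry RVA, BaseOfCode, BaseOfData
    struct.pack_into("<III", opt, 28, image_base, sect_align, file_align)     # ImageBase, alignments
    struct.pack_into("<HH", opt, 40, 4, 0)                                    # OS version 4.0
    struct.pack_into("<II", opt, 56, 2 * sect_align, file_align)              # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                                        # IMAGE_SUBSYSTEM_WINDOWS_GUI
    text = struct.pack("<8sIIIIIIHHI", b".text", file_align, sect_align, file_align, file_align, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text).ljust(file_align, b"\0")
    return headers + entry_code.ljust(file_align, b"\0")
```

To use it on a real file, call triage(open(path, "rb").read()) and compare the returned hashes, linker, compile_time and entry_bytes with the values on this page; matches_page is True only when the SHA-256 is identical. The parser deliberately handles PE32 only (the page reports Win32), and raises rather than guessing on anything else.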

The file has been observed making the following network connections when executed in live environments. Only the first two are plain HTTP to hosting-provider infrastructure (banahosting and an OVH cluster); the two HTTPS destinations are Yahoo and Facebook CDN edge nodes, which many benign programs also contact, so they are weak indicators on their own.

TCP (HTTP):
Connects to single-2500a.banahosting.com  (65.60.8.51:80)

TCP (HTTP):
Connects to cluster010.ovh.net  (87.98.231.19:80)

TCP (HTTP SSL):
Connects to mpr2.ngd.vip.sg3.yahoo.com  (106.10.198.32:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-hkg3.facebook.com  (31.13.95.36:443)
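The four destinations above are the only network indicators this page gives, and they are not of equal value: the banahosting and OVH hosts are specific, while the Yahoo and Facebook edge nodes are shared CDN infrastructure. The script below is an added example, not code from this page or from Reason Core Security; it sweeps proxy logs for those destinations, matches on the host name first and falls back to the listed IP when the Host header or SNI is missing, and weights each hit so that machines are prioritised for review only on the higher-value indicators. The log format and log lines are constructed for the example, and the "medium"/"low" weights are an assumption made here, not something the page states.

```python
import re

# Destinations this page attributes to the sample. The weight is an assumption made here, not on the page:
# shared CDN edges (Yahoo, Facebook) and a shared OVH cluster are also contacted by plenty of benign software.
PAGE_INDICATORS = {
    "single-2500a.banahosting.com": ("65.60.8.51", 80, "medium"),
    "cluster010.ovh.net": ("87.98.231.19", 80, "medium"),
    "mpr2.ngd.vip.sg3.yahoo.com": ("106.10.198.32", 443, "low"),
    "edge-star-mini-shv-01-hkg3.facebook.com": ("31.13.95.36", 443, "low"),
}
IP_TO_HOST = {ip: host for host, (ip, _, _) in PAGE_INDICATORS.items()}

# Constructed proxy log format, one request per line: "<time> <src> <dst_ip>:<dst_port> <host> <method> <path>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<ip>[\d.]+):(?P<port>\d+) (?P<host>\S+) ")


def match_proxy_log(lines):
    """Return (line_no, src, indicator, weight, how) for every line that touches a page-listed destination."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or foreign line; skip rather than abort the sweep
        host, ip = m["host"].lower(), m["ip"]
        if host in PAGE_INDICATORS:
            ind, how = host, "host"
        elif ip in IP_TO_HOST:
            ind, how = IP_TO_HOST[ip], "ip"  # no Host/SNI recorded, but the IP from the page still matches
        else:
            continue
        hits.append((n, m["src"], ind, PAGE_INDICATORS[ind][2], how))
    return hits


def hosts_to_review(hits):
    """Source addresses with at least one hit above 'low' weight; CDN-only contact is not enough by itself."""
    return {src for _, src, _, weight, _ in hits if weight != "low"}


# Constructed sample log, not real traffic: line 2 has no Host header and matches by IP only.
SAMPLE_LOG = [
    "2024-12-27T07:11:20Z 10.0.0.5 65.60.8.51:80 single-2500a.banahosting.com GET /index.php",
    "2024-12-27T07:11:21Z 10.0.0.5 87.98.231.19:80 - GET /",
    "2024-12-27T07:11:22Z 10.0.0.7 31.13.95.36:443 edge-star-mini-shv-01-hkg3.facebook.com CONNECT -",
    "2024-12-27T07:11:23Z 10.0.0.9 93.184.216.34:443 example.com CONNECT -",
    "not a log line",
]

if __name__ == "__main__":
    for hit in match_proxy_log(SAMPLE_LOG):
        print(hit)
    print("review:", sorted(hosts_to_review(match_proxy_log(SAMPLE_LOG))))
```

Pair this with the SHA-256 from the page when you can (a file hash on the endpoint is a far stronger indicator than a destination), and expect the IP fall-back to age quickly: shared hosting and CDN addresses are reassigned, so re-resolve the host names before relying on the listed IPs.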

Powered by Reason Core Security