» [gcr]trainer pcheats gc reborn v6.0.exe
Overview
Analysis
File Details
Network (4)

[gcr]trainer pcheats gc reborn v6.0.exe

The executable [gcr]trainer pcheats gc reborn v6.0.exe, “PCheats Trainer GC BR” has been detected as malware by 7 anti-virus scanners. While running, it connects to the Internet address single-2500a.banahosting.com on port 80 using the HTTP protocol.

File name:

Description:

PCheats Trainer GC BR

Version:

1.0.0.0

MD5:

a0de336247ff1f87c773c3ef820df391

SHA-1:

0a5d18c2df776a108e73469176485fa6249a51aa

SHA-256:

d48fda120ba90c5945cef2dc213d9be1b9ca9424a80aa35f34cbe90130d47cb5

Scanner detections:

7 / 68

Status:

Malware

Analysis date:

11/14/2024 9:12:34 PM UTC (today)

Scan engine

Detection

Engine version

IKARUS anti.virus

Trojan-Dropper.Delf

0.1.3.4

K7 AntiVirus

Trojan

13.10.1.22471

Kaspersky

Trojan.Win32.Pasta

14.0.0.-1197

Malwarebytes

HackTool.Trainer.CH

v2017.02.20.11

McAfee

RDN/Generic.grp

5600.6118

Qihoo 360 Security

HEUR/QVM41.1.0000.Malware.Gen

1.0.0.1120

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.4

File size:

2.4 MB (2,498,560 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

Spanish (Peru)

File PE Metadata

Compilation timestamp:

6/20/1992 6:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x10A098

Entry point:

55, 8B, EC, 83, C4, F0, B8, A0, 9A, 50, 00, E8, 94, CA, EF, FF, A1, BC, FB, 50, 00, 8B, 00, E8, 58, 5E, F5, FF, A1, BC, FB, 50, 00, 8B, 00, BA, 18, A1, 50, 00, E8, 2F, 5A, F5, FF, 6A, 00, E8, 98, C6, F0, FF, 8B, 0D, 3C, FD, 50, 00, A1, BC, FB, 50, 00, 8B, 00, 8B, 15, 8C, 81, 50, 00, E8, 40, 5E, F5, FF, 8B, 0D, 9C, F8, 50, 00, A1, BC, FB, 50, 00, 8B, 00, 8B, 15, F8, 8E, 50, 00, E8, 28, 5E, F5, FF, A1, BC, FB, 50, 00, 8B, 00, E8, 9C, 5E, F5, FF, E8, 3F, A5, EF, FF, 00, 00, 00, FF, FF, FF, FF, 0F, 00, 00, 00... 
[+]

Entropy:

6.7211

Developed / compiled with:

Microsoft Visual C++

Code size:

1 MB (1,085,952 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to single-2500a.banahosting.com (65.60.8.51:80)

TCP (HTTP):

Connects to cluster010.ovh.net (87.98.231.19:80)

TCP (HTTP SSL):

Connects to mpr2.ngd.vip.sg3.yahoo.com (106.10.198.32:443)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-hkg3.facebook.com (31.13.95.36:443)

Remove [gcr]trainer pcheats gc reborn v6.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.