godfather.exe

This is a setup program used to install the application. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen downloaded from download2059.mediafire.com and multiple other hosts.
MD5:
388a63470c781716cbf8507346cb1f0c

SHA-1:
f2f06d99f55cfdbc9656e856c1b3faf375a0e9d1

SHA-256:
6cb0187841780c2d89f5b7b4257a71f4e924dccf91d57b3f4fb790c1d2b986b4

Scanner detections:
2 / 68

Status:
Clean (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
12/25/2024 5:07:33 PM UTC

Scan engine        Detection                          Engine version
Bkav FE            W32.HfsAutoB                       1.3.0.4959
Rising Antivirus   PE:Malware.XPACK-LNR/Heur!1.5594   23.00.65.15522

File size:
13.6 MB (14,254,156 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\electronic arts\el padrino® el videojuego\godfather.exe

File PE Metadata
Compilation timestamp:
2/22/2006 2:38:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
196608:6CiMdJgb3PSDd7qSALtqJ11jX2bBIV4PC:6zMdJgLfHtqJTjX2H

Entry address:
0xCBF06E

Entry point:
55, 8B, EC, 60, BB, 6E, F0, 0B, 01, B8, 0D, F0, 0B, 01, 33, C9, 8A, 08, 85, C9, 74, 0C, B8, E4, F0, 0B, 01, 2B, C3, 83, E8, 05, EB, 0E, 51, B9, 2B, F1, 0B, 01, 8B, C1, 2B, C3, 03, 41, 01, 59, C6, 03, E9, 89, 43, 01, 51, 68, D9, EF, 0B, 01, 33, C0, 85, C9, 74, 05, 8B, 45, 08, EB, 00, 50, E8, 25, FC, FF, FF, 83, C4, 08, 59, 83, F8, 00, 74, 1C, C6, 03, C2, C6, 43, 01, 0C, 85, C9, 74, 09, 61, 5D, B8, 00, 00, 00, 00, EB, 96, 50, B8, F9, EF, 0B, 01, FF, 10, 61, 5D, EB, 47, 80, 7C, 24, 08, 00, 75, 40, 51, 8B, 4C...

Entropy:
7.8434

Developed / compiled with:
Microsoft Visual C++

Code size:
6.6 MB (6,889,472 bytes)

Scheduled Task
Task name:
{1C4C2D3C-9CEC-4222-A5DF-FFF28F405A22}

Trigger:
Registration (Runs on registration)


The file godfather.exe has been seen being distributed by the following 2 URLs.

Scan godfather.exe - Powered by Reason Core Security