installpaladins.exe

Hi-Rez Studios Games

Hi-Rez Studios, Inc.

This is a setup and installation application. The file has been observed being downloaded from www.google.com and multiple other hosts.

Publisher:
Hi-Rez Studios (signed by Hi-Rez Studios, Inc.)

Product:
Hi-Rez Studios Games

Description:
InstallScript Setup Launcher

Version:
3.0.0.0

MD5:
cb7a5468a9d6f39124a45580662d4564

SHA-1:
54b09aebf3465b6ce5e216f091ba120abd9a5b94

SHA-256:
67b6a5ddb84549871b128b9596650b7ec6a9a1ab6eb795cb28094ebd1b2e0512

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 6:50:34 AM UTC

File size:
49.7 MB (52,148,520 bytes)

Product version:
3.0.0.0

Copyright:
Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc. All Rights Reserved.

Original file name:
InstallShield Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\installpaladins.exe

Digital Signature

Authority:
Symantec Corporation

Valid from:
12/11/2014 7:00:00 PM

Valid to:
9/14/2016 7:59:59 PM

Subject:
CN="Hi-Rez Studios, Inc.", O="Hi-Rez Studios, Inc.", L=Alpharetta, S=Georgia, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
4E02EA4EAF1C8E8A0661702020638B

File PE Metadata

Compilation timestamp:
8/22/2011 12:09:26 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:cTH4NZCF3W0gx4Wr5HNIdK10mZAoZJlSDkgGzbhhlemrHzZrBERHQKrGSlVwW:RcWz4gTxAgJlSD+Bemj0R0W

Entry address:
0x3E03D

Entry point:
55, 8B, EC, 6A, FF, 68, A8, 85, 46, 00, 68, 68, F7, 43, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 90, 73, 46, 00, 33, D2, 8A, D4, 89, 15, 04, E8, 47, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 00, E8, 47, 00, C1, E1, 08, 03, CA, 89, 0D, FC, E7, 47, 00, C1, E8, 10, A3, F8, E7, 47, 00, 6A, 01, E8, 0E, 2A, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C2, 00, 00, 00, 59, E8, 8F, 0F, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B1, 00, 00, 00, 59, 33, F6, 89, 75...
 

Entropy:
7.9774

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
406 KB (415,744 bytes)

The file installpaladins.exe has been seen being distributed by the following 26 URLs.

