INVOICES.exe

The Witcher 3

KeyFinder LTD

The executable INVOICES.exe has been detected as malware by 5 anti-virus scanners.
Publisher:
CD Projekt Red  (signed by KeyFinder LTD)

Product:
The Witcher 3

Version:
3.0.0

MD5:
78bc2b5d3fcfdcf80a758e6778095352

SHA-1:
ce983ca9444575b68e46fff8fd18800534d4f134

SHA-256:
06086c8ad6ae39a1c525c8f41695476384b517e275223423f80a432fbc2017e2

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
12/25/2024 7:54:46 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Malware-gen | 160518-2 |
| Dr.Web | Trojan.PWS.Siggen1.52859 | 9.0.1.05190 |
| ESET NOD32 | MSIL/Injector.PEW trojan | 8.0.319.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.221.606.0 |
| Norman | Trojan.GenericKD.3261401 | 19.05.2016 05:17:13 |

File size:
713.5 KB (730,632 bytes)

Product version:
3.0.0

Copyright:
Copyright © 2012 CD Projekt Red.

Original file name:
INVOICES.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\invoices.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
2/26/2013 1:33:53 AM

Valid to:
4/26/2016 10:14:03 PM

Subject:
CN=KeyFinder LTD, O=KeyFinder LTD, L=Eastbourne, S="EAST SUSSEX ", C=GB

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B12EAD0A0A9F5

File PE Metadata
Compilation timestamp:
5/24/2016 10:02:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:3cazyaGcUN9gbCn/6DBssh7gXyjZB18JSJOt1kHRLut:MazyvcQ/NsLQ8welQ

Entry address:
0xAD4FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.0000

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
688 KB (704,512 bytes)
