iwatch-dvr-2.exe

Executable for Mahjong Titans Game

LLC

While the file properties state that the file is developed by 'Microsoft Corporation', this is not the case; the file is designed to look like a legitimate Microsoft system file. The application iwatch-dvr-2.exe (“Executable for Mahjong Titans Game”, by LLC) has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The file has been observed being downloaded from creamreactionbasket.ru.
Publisher:
Microsoft Corporation (signed by LLC)

Product:
Microsoft® Windows® Operating System

Description:
Executable for Mahjong Titans Game

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
037c2bcfee33f645427cdfda817494c4

SHA-1:
52eda038b2ef482158f01cf1775f8654378d23da

SHA-256:
7f186f5cdc39142ab8a659513750b5c4e253e2656d8b72bb603a64d3d613167d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
1/13/2025 4:04:41 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize

Engine version:
17.3.3.19

File size:
6.4 MB (6,700,544 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
mahjong.exe.mui

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\iwatch-dvr-2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/24/2016 8:00:00 AM

Valid to:
3/25/2017 7:59:59 AM

Subject:
CN="LLC ""ARAMIS IT""", OU=IT, O="LLC ""ARAMIS IT""", STREET="Bud. 160 kv. 708, vul.Frunze", L=Kiev, S=Kiev, PostalCode=04073, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2781EC6D8C58B1F2B6E05246F5EE7B91

File PE Metadata
Compilation timestamp:
1/1/2012 11:40:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

Entry address:
0x4FF32E

Entry point:
E8, 69, 11, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, E1, 90, 00, E8, 0C, 17, 00, 00, E8, 3A, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, FC, 10, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, BB, 08, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
5.1951

Code size:
5 MB (5,276,672 bytes)

The file iwatch-dvr-2.exe has been observed being distributed from the following URL.

http://creamreactionbasket.ru/14620821714731/iwatch-dvr-2/.../?load=1

Remove iwatch-dvr-2.exe - Powered by Reason Core Security