lgke_beta_v1.0.0.3192.exe

FuriouS GOLD

FuriouSTeaM

The executable lgke_beta_v1.0.0.3192.exe, described as "www.furious-gold.com", has been detected as malware by 5 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from s10196.chomikuj.pl.
Publisher:
FuriouSTeaM

Product:
FuriouS GOLD

Description:
www.furious-gold.com

Version:
1.0.0.3192

MD5:
fc7924abaa0c15b842dd2a29d7f682f1

SHA-1:
7c0811c6cf579f5e4e57ed601a1175288827a061

SHA-256:
06e43ea1b3639ec0001cf154cee8ce28a1fbc05a3620aa24d9e29f664095930b

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/5/2024 9:53:25 AM UTC

Scan engine | Detection | Engine version
Emsisoft Anti-Malware | Gen:Variant.Induc | 10.0.0.5366
ESET NOD32 | Win32/Induc.A virus | 8.0.319.0
Kaspersky | Virus.Win32.Induc | 15.0.0.562

File size:
2.1 MB (2,161,664 bytes)

Product version:
1.0.0.0

Copyright:
(c)2009, FuriouSTeaM

Trademarks:
(c)2009, FuriouSTeaM

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\lgke_beta_v1.0.0.3192.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:tC+8dTJPCRvPHCojW3c+BkuZjCZUHCpT69/QpuBst71DaM4:tC+4CRHio0c+mj8CpwGt7MM4

Entry address:
0x204014

Entry point:
B8, 00, 00, 00, 00, 60, 0B, C0, 74, 68, E8, 00, 00, 00, 00, 58, 05, 53, 00, 00, 00, 80, 38, E9, 75, 13, 61, EB, 45, DB, 2D, 37, 40, 60, 00, FF, FF, FF, FF, FF, FF, FF, FF, 3D, 40, E8, 00, 00, 00, 00, 58, 25, 00, F0, FF, FF, 33, FF, 66, BB, 19, 5A, 66, 83, C3, 34, 66, 39, 18, 75, 12, 0F, B7, 50, 3C, 03, D0, BB, E9, 44, 00, 00, 83, C3, 67, 39, 1A, 74, 07, 2D, 00, 10, 00, 00, EB, DA, 8B, F8, B8, 93, B0, 30, 00, 03, C7, B9, 6D, 42, 20, 00, 03, CF, EB, 0A, B8, 93, B0, 70, 00, B9, 6D, 42, 60, 00, 50, 51, E8, 87...
 

Packer / compiler:
Themida/WinLicense V1.8.0.2 +

Code size:
837 KB (857,088 bytes)

The file lgke_beta_v1.0.0.3192.exe has been seen being distributed by the following URL.
