mafia ii - trainer (+2).exe

The executable mafia ii - trainer (+2).exe has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from download1079.mediafire.com.

Version:
1.7.0.0

MD5:
26adeb79accc11df0c69b029be376a51

SHA-1:
4b3f1a28d47209bbe442e2f1ccd9de0397ed0a26

SHA-256:
43cc37a254c146db0e5ed0f2479c5320ab62aa636975edd6f60efc813a48fe30

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 10:21:22 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.1.24.23

File size:
719.5 KB (736,736 bytes)

Product version:
1.2

File type:
Executable application (Win32 EXE)

Language:
Dutch (Netherlands)

Common path:
C:\users\{user}\downloads\mafia ii - trainer (+2).exe

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:5Rbu/jtigh+M9lbfx3yABdMD6iH4u3c+Kj3:3Osghzh/QG6fcLj3

Entry address:
0x75C14

Entry point:
55, 8B, EC, 83, C4, F0, B8, AC, 59, 47, 00, E8, 98, 07, F9, FF, A1, 64, B4, 47, 00, 8B, 00, E8, 00, 28, FE, FF, A1, 64, B4, 47, 00, 8B, 00, C6, 40, 5B, 00, 8B, 0D, 78, B3, 47, 00, A1, 64, B4, 47, 00, 8B, 00, 8B, 15, 44, 57, 47, 00, E8, F5, 27, FE, FF, A1, 64, B4, 47, 00, 8B, 00, E8, 69, 28, FE, FF, E8, A0, E5, F8, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
6.1384

Developed / compiled with:
Microsoft Visual C++

Code size:
467.5 KB (478,720 bytes)

The file mafia ii - trainer (+2).exe has been seen being distributed by the following URL.