mafia_patch_1.2_pol.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.gry-online.pl and multiple other hosts.

MD5:
4e7f327fa18284d98bb044542f34c789

SHA-1:
68d574fbb970a3172c30789367d82313dab5305f

SHA-256:
a982532136510803885c459114dd95d0aacc4d6152c8439c52be95504934407f

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/24/2024 4:32:51 AM UTC  (today)

Scan engine:
Rising Antivirus

Detection:
PE:Malware.XPACK-LNR/Heur!1.5594

Engine version:
23.00.65.14824

File size:
17.4 MB (18,243,544 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
5/14/2002 2:21:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
393216:mLKD/fx+oL3y7QT28O68OPhv5Y80nj/WdZ08ky8Q+o9+dvJpIY7e:5Tfx9LiI2tuMjcbkVa9+dvJO6e

Entry address:
0x1D590

Entry point:
60, BE, 00, 40, 41, 00, 8D, BE, 00, D0, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
40 KB (40,960 bytes)

The file mafia_patch_1.2_pol.exe has been seen being distributed by the following 4 URLs.

http://www.gry-online.pl/.../przekieruj_ftp.asp?TOKEN=SUYrN2xqUXFHbVg5KzhybjBrRUwxYXlVMEdCTDdQZHVwWTdtT3JoY1JXMVdWZEtZbmQ0dEU1c0VMRVlGbktlZ21GZ3VjU3U0MXZPNEVBamo1bmtvMUpwV1hTZ1lRd3czU3c2VTB3Mm9jeGJ2Qm13ZWlUdmhFUTE5UFBKS2dieEk=

Scan mafia_patch_1.2_pol.exe - Powered by Reason Core Security