MaxPayne.EXE

MaxPayne Application

Remedy Entertainment

It runs as a scheduled task under the Windows Task Scheduler. The file has been observed being downloaded from s7853.chomikuj.pl and multiple other hosts.

Publisher:
Remedy Entertainment

Product:
MaxPayne Application

Description:
Max Payne

Version:
1, 0, 4, 0

MD5:
6107081ddf17feac0018278d83ef6de9

SHA-1:
a1a9b9e5b17346be123d32c10517da7dac29e5f0

SHA-256:
a7759447df38e4a853a3f3ab8926aef15f4029abaf59f24fc34c05f50be7d2a3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/14/2024 3:09:44 PM UTC

File size:
4.7 MB (4,943,872 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright (C) Remedy Entertainment, Ltd.

Original file name:
MaxPayne.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata

Compilation timestamp:
1/17/2002 9:49:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:lwFec5FaF6JpBcJI45m+BzFcu7PxK+eb6uTLaGW3AdgPAK:lwFec5FH7+Bxhe/yGWQdgP

Entry address:
0x36FB04

Entry point:
55, 8B, EC, 6A, FF, 68, 40, A5, 7D, 00, 68, B8, FC, 76, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, D8, A3, 7C, 00, 59, 83, 0D, E0, 9B, 8B, 00, FF, 83, 0D, E4, 9B, 8B, 00, FF, FF, 15, DC, A3, 7C, 00, 8B, 0D, 28, 76, 8B, 00, 89, 08, FF, 15, D0, A3, 7C, 00, 8B, 0D, 24, 76, 8B, 00, 89, 08, A1, CC, A3, 7C, 00, 8B, 00, A3, DC, 9B, 8B, 00, E8, 72, 01, 00, 00, 39, 1D, 70, 53, 8A, 00, 75, 0C, 68, E2, FC, 76, 00, FF, 15, D4, A3...
 

Entropy:
6.4350

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
3.8 MB (3,969,024 bytes)

Scheduled Task

Task name:
{2283F07B-D0D7-48FA-8766-355A9A8B8481}

Trigger:
Registration (Runs on registration)


The file MaxPayne.EXE has been seen being distributed by the following 4 URLs.

http://s7853.chomikuj.pl/File.aspx?e=WotXSXzgnLAnyxhKffLXPy-E9JmMFFJTZrE_VwPlkE54zcdZeOIbKHLdFCAaNbWLYthB3R_IvTA9DeSE8wG2qcaiHwUg0w1ZONRiEJ8biv7ljIpk0JAl5LInbK1WnXpvwkWu_TMbXJcIHmmgFWQT1A&pv=2

http://s7853.chomikuj.pl/File.aspx?e=WotXSXzgnLAnyxhKffLXP2w4jrWxZtP5-lek1NS9ApAgNNBfRA7W7Zo8Qz4xTA6fnuo4jBb8ToS2IPXtWs833jyd37H_OWp0VWhsVXM5rJ8fUrztnzp5XcNeP-6KGY2hKtd8-J8ji-MBYVdDOUBP4A&pv=2

about:internet
