metin2mod_pl_01032016.exe

The executable metin2mod_pl_01032016.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the Self-extracting archive installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from fra-7m19-stor02.uploaded.net and multiple other hosts.
MD5:
7f6483303ff76d3f17413828a416837c

SHA-1:
202fe9260f68f7051d29cbccbed95860fcb2f368

SHA-256:
be436a18b0a7b72df736c8b4bcbe05884e37cc5ab16a8c63c1e83f3adec30939

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/28/2024 1:05:19 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.3.1.9

File size:
11.1 MB (11,683,342 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Self-extracting archive

File PE Metadata
Compilation timestamp:
12/2/2014 12:07:30 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:5eG+Mu02aN/lRz/eueMFsxqPa8Zp6/ncJy3mkpV4RMClXTP6+h7GN+fteai:UGu6Nn2u3P6/nc6rVoMCtC+hiN+gai

Entry address:
0x1D5DB

Entry point:
E8, 85, 63, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 82, FC, FF, FF, C7, 06, 20, B2, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 20, B2, 42, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 20, B2, 42, 00, E8, 24, FD, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 4E, CA, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Code size:
161.5 KB (165,376 bytes)

The file metin2mod_pl_01032016.exe has been seen being distributed by the following 50 URLs.

http://fra-7m19-stor02.uploaded.net/.../fdde1309-fd05-4fdc-b52a-9693f28f7861

http://fra-7m19-stor02.uploaded.net/.../b7f2ddd5-23b5-4618-b6f4-77993cde638f

http://fra-7m19-stor02.uploaded.net/.../8ed8395d-477d-49d8-aef9-816942456213

http://fra-7m19-stor02.uploaded.net/.../556059f9-5d6b-41bf-b272-520026f41cd8

http://fra-7m19-stor02.uploaded.net/.../4db96d1a-5ae0-469d-ba0d-69030e9f4da3

http://fra-7m19-stor02.uploaded.net/.../1d89f068-9b44-4a00-9c2e-d492f929c1ca

http://fra-7m19-stor02.uploaded.net/.../4a26af01-ceea-4074-b4e4-ad767638d319

http://fra-7m19-stor02.uploaded.net/.../5cf1e0b2-6795-4a2f-8fcf-55f21bd919a5

http://fra-7m19-stor02.uploaded.net/.../3ed2d1a0-46b5-4233-821f-f1b0d117fc4f

Latest 30 of 65 download URLs

Remove metin2mod_pl_01032016.exe - Powered by Reason Core Security