mount&blade-uniloader.exe

The executable mount&blade-uniloader.exe has been detected as malware by 12 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from blogattach.naver.net and multiple other hosts.
MD5:
f26fdea9d9dc14206e0d36d84e1bd784

SHA-1:
f148e91a8ddeb0964b8fa6520fd3bc20ab092404

SHA-256:
b13b4b4cb81e9e207b4c32c1a3feb6a333582e8a8c745c0d205af7f315f4c2fa

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/25/2024 3:38:20 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.Clodb94.Trojan
1.3.0.4959

ESET NOD32
Win32/HackTool.Patcher (variant)
8.9575

Fortinet FortiGate
Riskware/Patcher
4/3/2014

F-Prot
W32/MalwareS.WEH
v6.4.7.1.166

K7 AntiVirus
Riskware
13.176.11524

McAfee
RDN/Generic PUP.z!dd
5600.7171

NANO AntiVirus
Trojan.Win32.DorfA.dmdzv
0.28.0.58491

Norman
Suspicious_Gen2.MRKJF
11.20140403

nProtect
Trojan/W32.CryptRedol.10240
14.03.21.01

Reason Heuristics
Threat.Win.Reputation.IMP
15.7.3.23

Sophos
Generic PUA PB
4.98

VIPRE Antivirus
Trojan.Win32.Generic
27632

File size:
10 KB (10,240 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
8/31/2005 6:58:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
192:rPMY9lBZzTQK6fysDTuTcY3IMKCXsCzOqdhVG3oFetuIDuuuuuuuuuuuuuuhuuPV:LMY9lcKsTuTctMfcCzOqDV/8tuIj

Entry address:
0x1050

Entry point:
6A, 00, E8, 99, 09, 00, 00, E8, 14, 00, 00, 00, E8, 93, 00, 00, 00, E8, 12, 04, 00, 00, 6A, 00, E8, 2F, 08, 00, 00, 8D, 49, 00, 55, 8B, EC, 83, C4, FC, 60, 6A, 01, 6A, 05, E8, F4, 06, 00, 00, 85, C0, 74, 6A, 89, 45, FC, 33, F6, EB, 1A, 8B, 0D, 54, 33, 40, 00, 41, 51, 6A, 05, E8, DA, 06, 00, 00, 0B, C0, 74, 05, 3B, 45, FC, 75, 02, EB, 49, 8B, F0, 8D, 46, 09, FF, 76, 01, 50, 68, 4D, 30, 40, 00, E8, DC, 08, 00, 00, 85, C0, 74, 26, BF, 50, 31, 40, 00, C6, 07, 00, 68, 5D, 30, 40, 00, 57, E8, 45, 08, 00, 00, 68...
 
[+]

Code size:
3 KB (3,072 bytes)

The file mount&blade-uniloader.exe has been seen being distributed by the following 5 URLs.

http://blogattach.naver.net/56c34afae9b7b26e40acc0f6cf2c562e8ade25c38e/20120430_218_blogfile/.../mount&blade-uniloader.exe

http://download1086.mediafire.com/baxtwb3duwag/.../mount&blade-uniloader.exe

Remove mount&blade-uniloader.exe - Powered by Reason Core Security