» ntolost.exe
Overview
Analysis
File Details
Downloads (13)

ntolost.exe

Tibia Player

CipSoft GmbH

This is a setup program which is used to install the application. The file has been seen being downloaded from dc774.4shared.com and multiple other hosts.

File name:

ntolost.exe

Publisher:

CipSoft GmbH

Product:

Tibia Player

Version:

8.54

MD5:

1edc4ca746b928f65f522b325f31d143

SHA-1:

34e6258ddc4c3df5bd523a55ff7539670f2c1745

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/5/2024 5:49:12 AM UTC (today)

File size:

36.3 MB (38,099,214 bytes)

Product version:

8.54

Trademarks:

Tibia is a registered Trademark of CipSoft GmbH.

Original file name:

Tibia.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

File PE Metadata

Compilation timestamp:

12/8/2009 2:15:51 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

786432:Kj7mJRNWYkWXmOs5L3GCER1Ro0s60px3LnRtJCGrgFjSXc5TdxZJIGc:+OLJ2OGL3rER1/ELRbr2mQ+

Entry address:

0x6B3B33

Entry point:

E8, 00, 00, 00, 00, 60, E8, 4F, 00, 00, 00, 48, D4, 6E, EE, F9, 84, EC, 83, A2, C1, FD, B2, CF, 23, 2C, C4, 4B, 22, 0A, 3F, 30, 87, 54, 2E, 6F, 5E, 49, 45, 23, 9C, E0, 15, 5D, F8, 97, 86, 93, D8, 27, 4F, CD, 35, 76, 43, 4E, DC, 42, C1, 72, 46, 48, C0, AE, 04, DE, 77, 72, 46, 48, C0, AE, 04, DE, 77, E9, 1A, 6D, 00, 00, E9, 2E, 6D, 00, 00, E9, 29, 6D, 00, 00, E8, 6E, FB, FF, FF, 6E, 04, 01, 00, 81, 99, 00, 00, 07, 73, 61, F0, 60, B9, D1, 46, E1, 69, 74, 06, 83, 40, 91, 3F, CD, 21, D0, 4D, 2C, 12, 69, 55, 2E... 
[+]

Packer / compiler:

MoleBox v2.0

The file ntolost.exe has been seen being distributed by the following 13 URLs.

http://dc774.4shared.com/download/.../NtoLost.exe

http://download973.mediafire.com/dcgdhodo48qg/.../NtoLost.exe

http://dc381.4shared.com/download/.../NtoLost.exe

http://download2086.mediafire.com/88t2ha46scdg/.../NtoLost.exe

http://download1673.mediafire.com/a5o6f2mwinbg/.../NtoLost.exe

http://download897.mediafire.com/rg4im3qu31jg/.../NtoLost.exe

http://download1673.mediafire.com/mst878z87wkg/.../NtoLost.exe

http://download1673.mediafire.com/61m82590787g/.../NtoLost.exe

http://download749.mediafire.com/6u78spbrx6dg/.../NtoLost.exe

http://download2187.mediafire.com/xsa1pfc1vvxg/.../NtoLost.exe

http://download2086.mediafire.com/j5vclck5nkpg/.../NtoLost.exe

http://download963.mediafire.com/zlishzxy4atg/.../NtoLost.exe

http://ntolost.com/NtoLost.exe

Scan ntolost.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.