home

ntolost+5.4.exe

Tibia Player

CipSoft GmbH

This is a setup program which is used to install the application. The file has been seen being downloaded from download1917.mediafire.com and multiple other hosts.
Publisher:
CipSoft GmbH

Product:
Tibia Player

Version:
8.54

MD5:
d356486a1b22cef8172693706da94c4f

SHA-1:
d58c3e4ca84542a88aa9d82493672dec6fe44460

SHA-256:
1d00656552d5da6f27dbe239183436a4f3fc8fcdc842825cc6bc15d96a758544

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 10:09:14 AM UTC  (today)

File size:
31.2 MB (32,718,347 bytes)

Product version:
8.54

Copyright:
Copyright (C) CipSoft GmbH 2002-2009

Trademarks:
Tibia is a registered Trademark of CipSoft GmbH.

Original file name:
Tibia.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
12/8/2009 6:45:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:zW37mgxcXjFpT+yZYM5yBH1hXcuvp5JBzkO6LRF8Ufqj:C39gfvY2yBH1RvP3gXI

Entry address:
0x6B3B33

Entry point:
E8, 00, 00, 00, 00, 60, E8, 4F, 00, 00, 00, D7, 96, BC, 36, 74, 9C, 99, 12, 47, 49, 73, 5C, FA, 8C, EA, 49, 4D, 85, 10, A2, F2, E6, 08, 7E, 94, 29, 39, 1B, 12, 62, 48, 01, C2, 6F, CB, 94, 62, 5F, 89, 36, BA, 9C, A1, 59, 2C, E7, 55, 25, 71, 8B, A0, C6, A3, 6E, 6A, 77, 71, 8B, A0, C6, A3, 6E, 6A, 77, E9, 1A, 6D, 00, 00, E9, 2E, 6D, 00, 00, E9, 29, 6D, 00, 00, E8, 6E, FB, FF, FF, 6E, 04, 01, 00, 81, 99, 00, 00, 23, 76, 2E, B1, 60, B9, D1, 46, E1, 69, 74, 06, 83, 40, 91, 3F, CD, 21, D0, 4D, 2C, 12, 69, 55, 2E...
 
[+]

Packer / compiler:
MoleBox v2.0

The file ntolost+5.4.exe has been seen being distributed by the following 17 URLs.

http://download1917.mediafire.com/5kv16cm42hug/.../NtoLost 5.4.exe

http://download1567.mediafire.com/ldw9wsf4xhug/.../NtoLost 5.4.exe

http://download1129.mediafire.com/63bjy4ok8lrg/.../NtoLost 5.4.exe

http://download1917.mediafire.com/ts898bbsvzrg/.../NtoLost 5.4.exe

http://download1722.mediafire.com/pigqcnewmfjg/.../NtoLost 5.4.exe

http://download1129.mediafire.com/35frg6bf0wog/.../NtoLost 5.4.exe

http://download1722.mediafire.com/yuh2134ojr1g/.../NtoLost 5.4.exe

http://download1567.mediafire.com/3rvdc3aebr9g/.../NtoLost 5.4.exe

http://download1567.mediafire.com/pmwmlsmws1og/.../NtoLost 5.4.exe

http://download1917.mediafire.com/5334x5ng1teg/.../NtoLost 5.4.exe

http://download1917.mediafire.com/45v81qh880mg/.../NtoLost 5.4.exe

http://download643.mediafire.com/594ezac2m00g/.../NtoLost 5.4.exe

http://download1917.mediafire.com/wa5jxnfx076g/.../NtoLost 5.4.exe

http://download1392.mediafire.com/ke8nzb7s3p8g/.../NtoLost 5.4.exe

http://download1917.mediafire.com/4khp225icofg/.../NtoLost 5.4.exe

http://download1329.mediafire.com/rcylqxaju8yg/.../NtoLost 5.4.exe

http://download643.mediafire.com/4lmlilqxw7tg/.../NtoLost 5.4.exe

Scan ntolost+5.4.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.