overlay_win2k.exe

Ratatouille

Asobo Studio

The executable overlay_win2k.exe has been detected as malware by 7 of 68 anti-virus scanners. The detection names below (Jadtre, AutoRun, ESET's "virus" class, avast!'s [Drp] dropper tag) are file-infector and autorun-worm family names rather than names for a purpose-built trojan; together with the Asobo Studio code signature from 2007 listed further down, the consistent reading is a legitimate game executable that was infected after it was built and signed. Do not take the publisher field as evidence of integrity: re-verify the Authenticode signature on the sample, because an infector that patches code or appends a section changes the hash the signature covers, so the certificate is still present but the signature no longer validates.
Publisher:
Asobo Studio SARL (signed by Asobo Studio)

Product:
Ratatouille

Version:
1, 0, 0, 0

MD5:
bf042f2a58cd6dd96a286fbc50093ccb

SHA-1:
82bc0b3d2707959c0e4329067a23d0648c8bbcc4

SHA-256:
c9ef30b25f5ac9e9585eaae723ab1e1acbdb688c9c7548d4847fe20baedd2477

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
12/25/2024 6:04:45 AM UTC

Scan engine                    Detection                Engine / definition version
avast!                         Win32:Jadtre-A [Drp]     160518-2
AVG                            Worm/AutoRun.JT          2015.0.4591
ESET NOD32                     Win32/AutoRun.NAX virus  8.0.319.0
F-Prot                         W32/Jadtre.A             4.6.5.141
F-Secure                       Win32.Jadtre.E           5.15.96
Microsoft Security Essentials  Threat.Undefined         1.225.356.0
Norman                         Win32.Jadtre.E           19.05.2016 01:04:49

File size:
4.2 MB (4,431,872 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright (C) 2007

Original file name:
Rat.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Digital Signature
Signed by:
Asobo Studio
Authority:
VeriSign, Inc.

Valid from:
2/27/2007 2:00:00 AM

Valid to:
2/28/2008 1:59:59 AM

Subject:
CN=Asobo Studio, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Asobo Studio, S=Aquitaine/Gironde, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4618EACEAF76B8FE243CB5C014874649

File PE Metadata
Compilation timestamp:
5/18/2007 1:38:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:TPDw/HKuGD64CeNxMa8EgCRCsYK4y0AtHTT170O:T7Ae64FNX8ECsYK4y0A

Entry address:
0x45D000

Entry point:
55, 8B, EC, 83, EC, 70, 83, 65, CC, 00, 83, 65, D4, 00, 83, 65, F8, 00, 83, 65, D8, 00, 83, 65, E0, 00, 83, 65, EC, 00, 83, 65, E4, 00, 83, 65, F4, 00, 83, 4D, DC, FF, 83, 65, D0, 00, 83, 65, C8, 00, 83, 65, E8, 00, 83, 65, F0, 00, 83, 65, FC, 00, 64, FF, 35, 30, 00, 00, 00, 58, 89, 45, E0, 8B, 45, E0, 8B, 40, 0C, 8B, 40, 1C, 8B, 00, 89, 45, EC, 8B, 45, EC, 8B, 40, 08, 89, 45, F4, 8B, 45, F4, 8B, 40, 3C, 8B, 4D, F4, 8B, 55, F4, 03, 54, 01, 78, 89, 55, E4, 8B, 45, E4, 8B, 4D, F4, 03, 48, 20, 89, 4D, CC, 8B...

Entry point analysis:
After the frame setup and the run of "and dword [ebp-xx], 0" that zeroes locals, the code executes push fs:[30h] / pop eax (load the PEB), mov eax,[eax+0Ch] (PEB.Ldr), mov eax,[eax+1Ch] (InInitializationOrderModuleList), mov eax,[eax] (second module on that list, kernel32 on XP-era Windows), mov eax,[eax+08h] (DllBase relative to that link), mov eax,[eax+3Ch] (e_lfanew), then add edx,[ecx+eax+78h] and add ecx,[eax+20h] (export directory RVA and AddressOfNames). That is a hand-written kernel32 export walk, the way position-independent infector code resolves API addresses without an import table; a Visual C++ 8.0 CRT entry point does not begin this way. If the image base is the 0x400000 default, the entry RVA 0x5D000 is also a multiple of the 0x1000 section alignment, so the entry point sits at the first byte of a section, which is where an infector that appends its own section places it rather than inside .text. Confirm against the section table before drawing conclusions.
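The entry-point dump is the one part of this report that can be checked offline. The following Python is an added example for this page, not code from Reason Core Security or Asobo Studio: it parses the byte listing exactly as the report prints it, looks for the ordered PEB -> Ldr -> DllBase -> export-directory chain described above, and checks whether the entry RVA lands on a section boundary. ENTRY_POINT_DUMP is copied from the report's "Entry point" field; IMAGE_BASE and SECTION_ALIGNMENT are assumptions, since the report lists neither (0x400000 and 0x1000 are the linker defaults). Structure offsets are the documented 32-bit Windows layouts.

```python
"""Triage the entry-point bytes of a PE dump for a hand-rolled kernel32 export walk.

Added example, not part of the Reason Core Security report. The dump below is
copied from the report's "Entry point" field (truncated there with "...").
"""
from __future__ import annotations

import re

# Copied from the report; the trailing "..." is the page's own truncation.
ENTRY_POINT_DUMP = (
    "55, 8B, EC, 83, EC, 70, 83, 65, CC, 00, 83, 65, D4, 00, 83, 65, F8, 00, "
    "83, 65, D8, 00, 83, 65, E0, 00, 83, 65, EC, 00, 83, 65, E4, 00, 83, 65, "
    "F4, 00, 83, 4D, DC, FF, 83, 65, D0, 00, 83, 65, C8, 00, 83, 65, E8, 00, "
    "83, 65, F0, 00, 83, 65, FC, 00, 64, FF, 35, 30, 00, 00, 00, 58, 89, 45, "
    "E0, 8B, 45, E0, 8B, 40, 0C, 8B, 40, 1C, 8B, 00, 89, 45, EC, 8B, 45, EC, "
    "8B, 40, 08, 89, 45, F4, 8B, 45, F4, 8B, 40, 3C, 8B, 4D, F4, 8B, 55, F4, "
    "03, 54, 01, 78, 89, 55, E4, 8B, 45, E4, 8B, 4D, F4, 03, 48, 20, 89, 4D, "
    "CC, 8B..."
)
ENTRY_ADDRESS = 0x45D000     # "Entry address" field of the report
IMAGE_BASE = 0x400000        # assumption: not listed in the report, linker default
SECTION_ALIGNMENT = 0x1000   # assumption: not listed in the report, linker default

# The walk in the order an infector stub executes it: exact encodings seen in the
# dump, annotated with what each displacement means on 32-bit Windows.
PEB_WALK_STEPS = (
    (b"\x64\xff\x35\x30\x00\x00\x00", "push dword ptr fs:[30h]  ; TEB -> PEB"),
    (b"\x8b\x40\x0c", "mov eax,[eax+0Ch]        ; PEB.Ldr"),
    (b"\x8b\x40\x1c", "mov eax,[eax+1Ch]        ; Ldr.InInitializationOrderModuleList.Flink"),
    (b"\x8b\x00",     "mov eax,[eax]            ; next link (2nd module: kernel32 on XP-era Windows)"),
    (b"\x8b\x40\x08", "mov eax,[eax+08h]        ; LDR_DATA_TABLE_ENTRY.DllBase relative to that link"),
    (b"\x8b\x40\x3c", "mov eax,[eax+3Ch]        ; IMAGE_DOS_HEADER.e_lfanew"),
    (b"\x03\x54\x01\x78", "add edx,[ecx+eax+78h] ; + DataDirectory[EXPORT].VirtualAddress"),
    (b"\x03\x48\x20", "add ecx,[eax+20h]        ; + IMAGE_EXPORT_DIRECTORY.AddressOfNames"),
)


def parse_byte_dump(dump: str) -> bytes:
    """Turn the report's 'AA, BB, ...' listing into raw bytes; a trailing '...' is ignored."""
    return bytes(int(tok, 16) for tok in re.findall(r"\b[0-9A-Fa-f]{2}\b", dump))


def find_peb_walk(code: bytes, window: int = 48) -> list[tuple[int, str]]:
    """Match PEB_WALK_STEPS in order. Each step must appear within `window` bytes
    after the previous one, so scattered unrelated 'mov eax,[eax+8]' encodings in
    ordinary code do not add up to a false positive. Returns [(offset, note), ...]
    or [] when the chain is incomplete."""
    hits: list[tuple[int, str]] = []
    start = 0
    for pattern, note in PEB_WALK_STEPS:
        end = len(code) if not hits else min(len(code), start + window)
        idx = code.find(pattern, start, end)
        if idx < 0:
            return []
        hits.append((idx, note))
        start = idx + len(pattern)
    return hits


def entry_point_rva(entry_va: int = ENTRY_ADDRESS, image_base: int = IMAGE_BASE) -> int:
    """Entry address as printed in the report is a VA; subtract the image base."""
    return entry_va - image_base


def entry_is_section_start(entry_va: int = ENTRY_ADDRESS, image_base: int = IMAGE_BASE,
                           alignment: int = SECTION_ALIGNMENT) -> bool:
    """An entry RVA that is a multiple of the section alignment is the first byte of
    a section. MSVC's CRT startup normally lies somewhere inside .text instead."""
    return entry_point_rva(entry_va, image_base) % alignment == 0


def triage(dump: str = ENTRY_POINT_DUMP) -> dict:
    """Combine the checks into one verdict for the report's numbers."""
    code = parse_byte_dump(dump)
    walk = find_peb_walk(code)
    return {
        "bytes_decoded": len(code),
        "peb_walk": walk,
        "looks_like_infector_stub": bool(walk),
        "entry_rva": entry_point_rva(),
        "entry_at_section_start": entry_is_section_start(),
    }


if __name__ == "__main__":
    result = triage()
    for key, value in result.items():
        if key != "peb_walk":
            print(f"{key}: {value}")
    for offset, note in result["peb_walk"]:
        print(f"  +0x{offset:02X}  {note}")
```

The ordered-window match is deliberate: the individual encodings are common in benign code, but all eight in sequence within a few dozen bytes of a fs:[30h] load only occur in code that resolves exports by hand. Run it against a different dump by passing the report's byte string to triage(); an empty peb_walk means the chain was not found.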

Entropy:
6.6789

Developed / compiled with:
Microsoft Visual C++

Code size:
3.1 MB (3,264,512 bytes)

Analysis powered by Reason Core Security