pc-bingo-1-0-32-bits.exe

Pc Bingo

softaob.com

The executable pc-bingo-1-0-32-bits.exe has been detected as malware by 9 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
softaob.com

Product:
Pc Bingo

Description:
Pc Bingo Setup

Version:
v2.0

MD5:
2d806ff6f957d648e3042661139cfe35

SHA-1:
6b45152d8044a93ad6ca2e0cf1008b55520f5615

SHA-256:
80621ad6fc2aa37e0e4180e10486e3ae12f5a9a7fc109d55576c7c4393fbe3d6

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/15/2024 7:52:04 PM UTC

Scan engine | Detection | Engine version
Comodo Security | UnclassifiedMalware | 19459
Dr.Web | Win32.Patched.5 | 9.0.1.0258
Fortinet FortiGate | W32/Patched.LW!tr | 9/15/2014
IKARUS anti.virus | Trojan.Win32.Patched | t3scan.1.7.5.0
Kaspersky | Trojan.Win32.Patched | 14.0.0.3246
McAfee | Artemis!2D806FF6F957 | 5600.7006
NANO AntiVirus | Virus.Win32.Virut-Gen.bwpxnc | 0.28.2.61942
Qihoo 360 Security | Win32/Trojan.144 | 1.0.0.1015
Trend Micro House Call | TROJ_GEN.R0CBH07GK14 | 7.2.258

File size:
16.2 MB (16,989,013 bytes)

Product version:
v2.0

Copyright:
Copyright © 1994-2003 TG Byte Software GmbH. All rights reserved.

Original file name:
SETUP.EXE

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pc-bingo-1-0-32-bits.exe

File PE Metadata
Compilation timestamp:
2/25/2004 3:25:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
393216:JtqDVUt/81Z8IEqLhssUPBEVgl22a0EnpLm1iUTK0QIT:Jt4Ut/819tImkazNm1iU3T

Entry address:
0x8F2E

Entry point:
6A, 60, 68, F8, 51, 41, 00, E8, EE, 3E, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, BA, FE, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, CC, 41, 41, 00, 8B, 4E, 10, 89, 0D, E4, A3, 41, 00, 8B, 46, 04, A3, F0, A3, 41, 00, 8B, 56, 08, 89, 15, F4, A3, 41, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, E8, A3, 41, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, E8, A3, 41, 00, C1, E0, 08, 03, C2, A3, EC, A3, 41, 00, 33, F6, 56, 8B, 3D, 74, 41, 41, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
75 KB (76,800 bytes)

The file pc-bingo-1-0-32-bits.exe has been seen being distributed by the following 6 URLs.

http://gsf-cf.softonic.com/6b4/515/.../file?SD_used=0&channel=WEB&fdh=no&id_file=67735&instance=softonic_es&type=PROGRAM&Expires=1478686092&Signature=fh6g7T2nFWJrsQT7uJbt33yxXXq714mYaytTt3vX~Wqs0ij2F98aGgOhRR0V2cfYbKntMmy8dlD7jxMGKlf1I23t5fnDuttELfjHvWVsTW25zcKgFQKPPCcYf1naPNYTu34zKHP9va3EotnogVysne9fyETsHRdT6WQCcaM91U0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pcbingo.exe

http://cdn.dllaunchercenter.com/c?x=3u8qiP x6ugJJAxLx8UbuAb1YVcMW2/4DLcbhrLJJsM=&c=mho7GRt9tR0fMW1eMCemFgglXBki3ezjQ0MJd0uHHfrf024YdxUunfG7rgIfAY5iSu2SlOxFfRUit1jHGHfL Q==&fallback_url=ftp://eoywen.dyndns.biz/.../pcbingo.exe

http://gsf-cf.softonic.com/6b4/515/.../file?SD_used=0&channel=WEB&fdh=no&id_file=67735&instance=softonic_es&type=PROGRAM&Expires=1480553318&Signature=fVr5d7wpo~N1jUrxfG0aXgYLhlzsl82xgdGFdD6rjxdLyHuynFWg78iFWCUmZk5u21JGdAhuSem~Ag53g~Fs8kchzpctCTB8KIs0u1xE5zs7klNOEWte2zehIzdOQborruP5MxKagfzuVEmzYswsw4d6H289ioVI2kPJ6gPOjCs_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=pcbingo.exe
