pes2014.all.version.tr28-3dmgame.exe

《实况足球2014》多功能修改器

@小幸姐(Sachiko)

The executable pes2014.all.version.tr28-3dmgame.exe, “PES2014 Multi-Trainer”, has been detected as malware by 16 anti-virus scanners. This is a setup program used to install the application. The file has been seen being downloaded from fc51.userfiles.me.
Publisher:
@小幸姐(Sachiko)

Product:
《实况足球2014》多功能修改器

Description:
PES2014 Multi-Trainer

Version:
1.0.0.0

MD5:
83e3fb1833bf78380d80953241b08ca2

SHA-1:
64266c4415f23039d7ceb1aeef2b648c507b4002

SHA-256:
8e3b91ff5ebfe7cb80be9e9afd478c0317ec805144d39dbdfdebf251e04a3042

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
2/25/2025 10:42:14 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Agent.377856.41 | 7.11.128.158
Baidu Antivirus | Trojan.Win32.FlyStudio | 4.0.3.14217
Bkav FE | W32.Clodab2.Trojan | 1.3.0.4923
Comodo Security | UnclassifiedMalware | 17718
ESET NOD32 | Win32/FlyStudio (variant) | 8.9371
Fortinet FortiGate | Riskware/Qhost | 2/17/2014
F-Prot | W32/OnlineGames.HI.gen | v6.4.7.1.166
K7 AntiVirus | Riskware | 13.175.11028
McAfee | RDN/Generic PUP.x!b2b | 5600.7217
Norman | Suspicious_Gen4.FALSY | 11.20140217
Sophos | Generic PUA GE | 4.97
Total Defense | Win32/Oflwr.A!crypt | 37.0.10498
Trend Micro House Call | TROJ_GEN.R0CBC0PLN13 | 7.2.48
Trend Micro | TROJ_GEN.R0CBC0PLN13 | 10.465.17
Vba32 AntiVirus | BScope.HackTool.Sniffer.WpePro | 3.12.24.3
VIPRE Antivirus | Trojan.Win32.Generic | 26060

File size:
369 KB (377,856 bytes)

Product version:
1.0.0.0

Copyright:
@小幸姐(Sachiko) 版权所有

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\pes2014.all.version.tr28-3dmgame.exe

File PE Metadata
Compilation timestamp:
9/23/2013 11:40:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:qEiva3GOT/M8oVIVAPIVBj6oFTTZ08PyX7FGmOdHPgF5Spfgu20ccgp5oSh:qaT/ZVAPIVBjLFTTALW8YfV20ctp5oSh

Entry address:
0xFD720

Entry point:
60, BE, 00, 60, 4A, 00, 8D, BE, 00, B0, F5, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 69, BA, 0F, 00, 57, 83, C3, 04, 53, 68, 17, 77, 05, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Code size:
356 KB (364,544 bytes)

The file pes2014.all.version.tr28-3dmgame.exe has been seen being distributed by the following URL.
