Play Hack TH.exe

Play Hack TH

The executable Play Hack TH.exe has been detected as malware by 5 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from fs05n5.sendspace.com and multiple other hosts.
Product:
Play Hack TH

Version:
1.0.0.0

MD5:
064a32cde38f43c57816a1bba9da2df3

SHA-1:
eee59fdf451c8b8476519604907d2827d382644d

SHA-256:
544106ac8d52d9e8d02b846fd1cf17c0cdc5db1a8a9a2b51309e3a38d3fff631

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/16/2024 1:55:23 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AegisLab AV Signature | W32.Riskware.Hacktool!c | 2.1.4+ |
| ESET NOD32 | Win32/HackTool.CheatEngine.AF potentially unsafe (variant) | 10.13232 |
| Fortinet FortiGate | W32/Generic.AC.1569906 | 3/27/2016 |
| G Data | Win32.Riskware.Hacktool | 16.3.25 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120 |

File size:
4.1 MB (4,272,128 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
Play Hack TH.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\play hack th.exe

File PE Metadata
Compilation timestamp:
3/24/2016 10:16:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:Gzt3ZvT4g0KY+e2rEuIoRIo0QlKdoCrZYT2qMQUYSmHEEkz1ZrGwA7FiUtpGdnpR:gZp0KYR2rtfebQlMoC2TxzUy7QvdpZb

Entry address:
0x41043E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.1 MB (4,253,184 bytes)

The file Play Hack TH.exe has been seen being distributed by the following 2 URLs.

https://fs05n5.sendspace.com/dl/2e34de255ef1774881c81b3ed88c2f84/56f5f61f34fe988c/.../Play Hack TH.exe
