po.16460267.exe

The Witcher 3

KeyFinder LTD

The executable po.16460267.exe has been detected as malware by 23 anti-virus scanners.
Publisher:
CD Projekt Red  (signed by KeyFinder LTD)

Product:
The Witcher 3

Version:
3.0.0

MD5:
bd81a3e5646a34d96e5ce1a0acbb0836

SHA-1:
8e3e250bb65e722433c2ea219663b84598373ec4

SHA-256:
4c25e042886138fe06a945d321c5aa6ea4ac7f292a77aba4b50cc52301186087

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
12/25/2024 7:31:38 PM UTC

Scan engine             Detection                    Engine version
Lavasoft Ad-Aware       Trojan.GenericKD.3241333     178
AegisLab AV Signature   Troj.Dropper.Msil!c          2.1.4+
AhnLab V3 Security      Trojan/Win32.Agent           2016.05.19
Avira AntiVirus         TR/Dropper.MSIL.ctdy         8.3.3.4
Arcabit                 Trojan.Generic.D317575       1.0.0.688
avast!                  Win32:Malware-gen            2014.9-160809
AVG                     MSIL10                       2017.0.2656
Bitdefender             Trojan.GenericKD.3241333     1.0.20.1110
Emsisoft Anti-Malware   Trojan.GenericKD.3241333     8.16.08.09.08
ESET NOD32              MSIL/Injector.PGP (variant)  10.13512
Fortinet FortiGate      MSIL/Injector.PGP!tr         8/9/2016
F-Prot                  W32/MSIL_Injector.CE.gen     v6.4.7.1.166
F-Secure                Trojan.GenericKD.3241333     11.2016-09-08_3
G Data                  Trojan.GenericKD.3241333     16.8.25
IKARUS anti.virus       Trojan.Inject                t3scan.2.0.9.0
K7 AntiVirus            Trojan                       13.225.19640
McAfee                  Artemis!BD81A3E5646A         5600.6312
MicroWorld eScan        Trojan.GenericKD.3241333     17.0.0.666
Qihoo 360 Security      HEUR/QVM03.0.Malware.Gen     1.0.0.1120
Sophos                  Mal/Generic-L                4.98
Trend Micro House Call  WORM_GOLROTED.AAAFF          7.2.222
Trend Micro             WORM_GOLROTED.AAAFF          10.465.09
VIPRE Antivirus         Trojan.Win32.Generic         49486

File size:
753.5 KB (771,592 bytes)

Product version:
3.0.0

Copyright:
Copyright © 2012 CD Projekt Red.

Original file name:
ofrr.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\po.16460267.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
2/25/2013 7:33:53 PM

Valid to:
4/26/2016 4:14:03 PM

Subject:
CN=KeyFinder LTD, O=KeyFinder LTD, L=Eastbourne, S="EAST SUSSEX ", C=GB

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B12EAD0A0A9F5

File PE Metadata
Compilation timestamp:
5/17/2016 2:08:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:M0ohRgKSzHFbFechIZsvAVy5LYaSTAfCcFakJjxsGdMP0JsH:g+KS6wlAeYJAfc0eGGEI

Entry address:
0xB7DBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.1306

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
728 KB (745,472 bytes)

Remove po.16460267.exe - Powered by Reason Core Security