r-igi2t4.exe

The application r-igi2t4.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. The file has been seen being downloaded from download1643.mediafire.com and multiple other hosts.
MD5:
93ef140af5b26dd307a4fbeb875ff680

SHA-1:
9bdb8e96c907d5ef58a63642464f816669d3bdac

SHA-256:
61c4f67ede7c38d6888cf80361b8be03a8a846f5db3af44cc102b5afcb49b798

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:27:00 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Packed/Exe32Pack | 7.1.1 |
| AhnLab V3 Security | Win32/Remoteinjector.worm.18917 | 14.04.24 |
| Avira AntiVirus | TR/Agent.18081.A | 7.11.145.246 |
| AVG | Skodna.GameHack | 2015.0.3495 |
| Baidu Antivirus | Trojan.Win32.GameHack | 4.0.3.14915 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 18066 |
| ESET NOD32 | Win32/GameHack (variant) | 8.9648 |
| Fortinet FortiGate | W32/Malware_fam.NB | 4/24/2014 |
| F-Prot | W32/Heuristic-210 | v6.4.7.1.166 |
| IKARUS anti.virus | not-a-virus.Gamez.IGI2 | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.176.11684 |
| Norman | Suspicious_Gen2.AADES | 11.20140424 |
| nProtect | Backdoor/W32.IRCBot.18917 | 14.04.07.01 |
| Quick Heal | (Suspicious) - DNAScan | 4.14.12.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.15.1 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-WSLogger | 10646 |
| Trend Micro House Call | TROJ_GEN.R02XH05BH14 | 7.2.258 |
| Trend Micro | PAK_Generic.001 | 10.465.15 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28115 |

File size:
18.5 KB (18,917 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
2/21/2003 7:09:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
384:lFYIanKMtjSLrZ+JlUcBy2fxrE0nQq7v+kV:nhjKjSPU7dy2fCEP

Entry address:
0x1000C

Entry point:
3B, C0, 74, 02, 81, 83, 55, 3B, C0, 74, 02, 81, 83, 53, 3B, C9, 74, 01, BC, 56, 3B, D2, 74, 02, 81, 85, 57, E8, 00, 00, 00, 00, 3B, DB, 74, 01, BE, 5D, 8B, D5, 81, ED, DC, 8D, 40, 00, 3B, E4, 74, 02, 81, 87, 2B, 95, ED, 8E, 40, 00, 81, EA, 2C, 00, 00, 00, 80, BD, 28, 8F, 40, 00, 00, 74, 18, 8B, 85, 0D, 8F, 40, 00, 03, 85, 17, 8F, 40, 00, 3B, C9, 74, 01, BA, 05, F3, 04, 00, 00, FF, E0, 3B, C9, 74, 01, BA, 52, 3B, ED, 74, 01, B8, 8D, 85, 40, 8F, 40, 00, 50, 3B, C9, 74, 02, 81, 83, FF, 95, 1C, 8F, 40, 00, 8D...

Entropy:
6.8692

Packer / compiler:
EXE32Pack v1.38

Code size:
15.5 KB (15,872 bytes)

The file r-igi2t4.exe has been seen being distributed by the following 4 URLs.