raidcall.exe

KORAM GAMES LIMITED

The application raidcall.exe by KORAM GAMES LIMITED has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
KORAM GAMES LIMITED  (signed and verified)

MD5:
0ce25152a877f5053ef9702f26e380bd

SHA-1:
7eb1b7ea2fb7be9ebadf8ce3e408530fa9e6c6d3

SHA-256:
c95c20832f830d1001dd3002df1a5ad7c0c7a58e40bc19e4dbe83f460b8b7492

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:00:56 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.KORAMGAMESLIMITED.I

Engine version:
14.2.21.3

File size:
5.3 MB (5,519,456 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\raidcall.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/7/2012 7:00:00 PM

Valid to:
1/7/2014 6:59:59 PM

Subject:
CN=KORAM GAMES LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=KORAM GAMES LIMITED, L=HongKong, S=HongKong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6DE680510AEC828B17AC57B14D7A0CE3

File PE Metadata
Compilation timestamp:
3/21/2010 8:59:12 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:9y6MBqEWJDIXofZbeSE8FreLJbb8vm7ZwZyvQcIvhZLY01lyrSXWG/0ECzZB8NVJ:9uG9b/E81cb8OHvQcIv/1lyrSGG/7Sk

Entry address:
0x114F

Entry point:
E9, EC, 56, 00, 00, E9, 27, 96, 00, 00, E9, 72, 9A, 00, 00, E9, CD, 95, 00, 00, E9, E8, AA, 00, 00, E9, C3, BA, 00, 00, E9, 5E, 9B, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...

Entropy:
7.9959

Packer / compiler:
Xtreme-Protector v1.05

Code size:
57.5 KB (58,880 bytes)

The file raidcall.exe has been seen being distributed by the following 47 URLs.

Latest 30 of 47 download URLs
