home

raidcall_tw_v8.1.8.exe

The executable raidcall_tw_v8.1.8.exe has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from update.raidtalk.com.tw.
MD5:
9fb55b67c1ae1a833c3729599282fb7e

SHA-1:
737801333f67c29d20da4aaf4efee6c19bf78a86

SHA-256:
654ce7ae207d8a9cff44f483e883ba2825336f4ec7977191dbeb6f457b5931b8

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/27/2024 8:14:16 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160327-1

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
11.5.0.6191

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.gen2
4.6.5.141

Kaspersky
Packed.Win32.Krap
15.0.0.562

McAfee
Virus.W32/Sality.gen.z
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.219.1805.0

Norman
Win32.Sality.3
10.04.2016 15:29:17

File size:
5 MB (5,278,784 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\raidcall_tw_v8.1.8.exe

File PE Metadata
Compilation timestamp:
3/22/2010 8:59:12 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:cX2+V0raV7geL1x7pPkvb6vB9hnY6sPimqxZ9cw/AWpriFOhDhqMR7ocUivR6:m2+bVhFPkT8Xo2LwFOFhHR7ocUiA

Entry address:
0x114F

Entry point:
0F, AF, FD, 0F, AF, CD, 81, C7, DD, D5, A8, B0, FF, C3, 8B, EB, 88, CA, F6, C6, BC, 85, C8, 42, 8B, D2, 3B, EE, 0F, AF, E9, 84, D1, 42, 2C, 02, BD, 00, 00, 00, 00, F6, C6, 5D, 85, DF, 74, 04, FF, C0, 09, C2, 84, FF, 0F, B7, CB, 08, FA, 0F, AF, F7, 84, E8, 84, D1, 28, C1, 42, BF, FD, E7, FA, FF, BE, 1B, EC, 2A, 1A, 81, C7, EF, 3E, 04, 00, 0F, AF, C6, 0C, 0C, 8D, 1F, 20, D5, 81, C3, CB, D4, 00, 00, 0D, 86, E4, 0A, CB, 4A, 03, EB, 80, FE, 7B, C6, C0, 6F, 81, D0, 33, 5F, D4, A4, 81, C5, 4A, 04, 00, 00, 89, EF...
 
[+]

Entropy:
7.9958  (probably packed)

Code size:
57.5 KB (58,880 bytes)

The file raidcall_tw_v8.1.8.exe has been seen being distributed by the following URL.

http://update.raidtalk.com.tw/rctc/.../raidcall_tw_v8.1.8.exe

Remove raidcall_tw_v8.1.8.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.