home

raidcall_v8.1.8.exe

The executable raidcall_v8.1.8.exe has been detected as malware by 11 anti-virus scanners. This is a setup program which is used to install the application. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from update.raidtalk.com.tw.
MD5:
ff2a1b13753732b5fe002fa3cf5c80fe

SHA-1:
5df708cc23a0b1189d0b7d672a0ff2194787806e

SHA-256:
cbead361f8cd8abf655aed733c52618fcfe19eb0764cec35e3485546801a6643

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/27/2024 7:36:52 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160518-2

AVG
Win32/Sality
2015.0.4568

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
16.05.20

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.E.gen
4.6.5.141

F-Secure
Win32.Sality.3
5.15.96

McAfee
Virus.W32/Sality.gen.z
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.221.14.0

Norman
Win32.Sality.3
19.05.2016 05:17:13

VIPRE Antivirus
Threat.4721115
49494

File size:
5 MB (5,291,072 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\raidcall_v8.1.8.exe

File PE Metadata
Compilation timestamp:
3/22/2010 8:59:12 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:4L0t3LDHvDEsMBW3ZIpyjH8aybmvR4d+I2BX+H3i8d6jTQuk:4L0tbDHvDHwgIpyjH8ac2R5Xj9TDk

Entry address:
0x114F

Entry point:
89, F6, 4B, BD, B0, 27, 02, 73, B4, F6, 88, F4, 8D, 05, 76, AE, 75, 60, 69, F2, 5E, FA, E1, 7F, 4F, 84, FE, 8B, C5, 81, F5, AA, 5A, 56, 3E, 14, 93, F7, C3, E9, 81, 10, 08, E8, 21, 00, 00, 00, 80, DA, 91, F7, C3, 2B, 3B, 0C, 1D, 18, E0, 2A, C0, C7, C6, E4, C6, DA, 8C, C7, C3, 8E, D6, 8C, E8, 89, FA, 81, F9, CD, 0A, 00, 00, EB, 05, F3, B5, 1D, 19, F2, 03, ED, 1C, E0, 8D, 0D, B9, 3D, 2D, 89, 0F, B7, FE, 69, CA, 7D, F1, 0A, 47, F2, 88, FB, 41, 8D, 1D, 7A, AC, 1C, 21, C7, C7, 20, FE, 6F, 4B, B8, 02, 16, F9, FF...
 
[+]

Entropy:
7.9958  (probably packed)

Code size:
57.5 KB (58,880 bytes)

The file raidcall_v8.1.8.exe has been seen being distributed by the following URL.

http://update.raidtalk.com.tw/rctc/.../raidcall_v8.1.8.exe

Remove raidcall_v8.1.8.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.