home

raidcall_v8.1.8.exe

The executable raidcall_v8.1.8.exe has been detected as malware by 10 anti-virus scanners. This is a setup program which is used to install the application. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from update.raidtalk.com.tw.
MD5:
6be62ca694b82c6fce1036385b2dc18a

SHA-1:
b87a9240b8a5419c44c598816c14750f284cfc6e

SHA-256:
2f016d8bd01a6d2ec7effe4c482ffdb4c6c1b79d96dd9976a8dcfe65f50b9f18

Scanner detections:
10 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/27/2024 7:46:31 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160503-1

AVG
Win32/Sality
2015.0.4568

Dr.Web
Win32.Sector.22
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
16.05.21

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.E.gen
4.6.5.141

McAfee
Virus.W32/Sality.gen.z
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.221.14.0

Norman
Win32.Sality.3
19.05.2016 05:17:13

VIPRE Antivirus
Threat.4721115
49494

File size:
5 MB (5,295,168 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\raidcall_v8.1.8.exe

File PE Metadata
Compilation timestamp:
3/22/2010 8:59:12 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:okR0t3LDHvDEsMBW3ZIpyjH8aybmvR4d+I2BX+H3i8d6jTQuk:b0tbDHvDHwgIpyjH8ac2R5Xj9TDk

Entry address:
0x114F

Entry point:
0F, B6, EB, C6, C1, 7A, F6, C4, 37, 68, 06, BC, 13, 00, 89, D0, 85, F1, 89, EE, 0F, BF, F8, 69, FA, 7F, 82, 77, 21, 71, 06, 2B, DA, 8A, D7, B7, 03, 85, F7, 8D, 3D, 17, AC, 5A, EB, F3, E8, 18, 00, 00, 00, 04, 1E, 8D, 35, 8F, 47, D3, 31, 25, 3E, 83, C5, 39, 0F, AF, C0, 8D, 35, F0, B6, 74, CD, 3B, D7, 8D, 0D, 9C, B2, 76, 40, 89, F1, C6, C5, EA, 71, 01, F2, 3B, EE, 5B, 0F, AF, C1, 0F, AF, FA, 10, D8, FE, C9, 45, FE, CA, 31, DA, 8B, C6, 0F, AF, CE, 8B, D7, 81, EF, 21, 87, F5, FF, FE, C5, BD, 23, 2C, 73, 78, 81...
 
[+]

Entropy:
7.9959  (probably packed)

Code size:
57.5 KB (58,880 bytes)

The file raidcall_v8.1.8.exe has been seen being distributed by the following URL.

http://update.raidtalk.com.tw/rctc/.../raidcall_v8.1.8.exe

Remove raidcall_v8.1.8.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.