raidenftpd2.exe

The application raidenftpd2.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from ftp.vector.co.jp.

MD5: a0cc921fba0c41ea8f9ef7d34398884c
SHA-1: 76dd98ef836efea2c442d2262a1f18c32406b286
SHA-256: 6c8db97c0ab6f9081ecbaa9aea2e8bd9e97c39e920a5881665de514af91ad164
Scanner detections: 9 / 68
Status: Potentially unwanted
Analysis date: 11/23/2024 8:05:47 AM UTC

Scan engine         Detection                              Engine version
Comodo Security     UnclassifiedMalware                    24969
Dr.Web              Program.WebRemote.158                  9.0.1.0217
F-Prot              W32/HackTool.ANI                       v6.4.7.1.166
G Data              Win32.Trojan.Agent.X3X40Q              16.8.25
Kaspersky           not-a-virus:Server-FTP.Win32.Raiden    14.0.0.-196
NANO AntiVirus      Riskware.Win32.Raiden.vgnmf            1.0.30.8213
Quick Heal          (Suspicious) - DNAScan                 8.16.14.00
Rising Antivirus    Trjoan.Generic-E48BkfCXUXM (Cloud)     23.00.65.16802
Sophos              Generic PUA CM (PUA)                   4.98

File size: 5.7 MB (5,952,890 bytes)
File type: Executable application (Win32 EXE)
Installer: NSIS (Nullsoft Scriptable Install System)
Common path: C:\users\{user}\downloads\raidenftpd2.exe

File PE Metadata
Compilation timestamp: 5/20/2006 3:29:37 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 98304:Qx62S4L5iVrNTdRnQFGscHaoelSbx3fb2DGgGlRR6vgBoTzJUMG+Pz1EWogdba+d:Q7SQI3BRQF4H5eobIygCknTWMp1EyaZm
Entry address: 0x3166

Entry point:
81, EC, 7C, 01, 00, 00, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BD, 40, 92, 40, 00, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 56, FF, 15, 70, 72, 40, 00, A3, D0, F0, 42, 00, 56, 8D, 44, 24, 30, 68, 60, 01, 00, 00, 50, 56, 68, 60, 98, 42, 00, FF, 15, 58, 71, 40, 00, 68, 30, 92, 40, 00, 68, 20, E8, 42, 00, E8, 20, 28, 00, 00, BB, 00, 64, 43, 00, 53, 68, 00, 04, 00, 00, FF, 15, B4, 70, 40, 00, E8, 64, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 53, FF, 15, B0, 70, 40, 00, 68, 28, 92, 40, 00, 53, E8, 0B...
 

Entropy: 7.9846
Packer / compiler: Nullsoft install system v2.x
Code size: 23 KB (23,552 bytes)

The file raidenftpd2.exe has been seen being distributed by the following URL.

Remove raidenftpd2.exe - Powered by Reason Core Security