re-loaderbyr@1n.exe

Re-Loader By R@1n

The application re-loaderbyr@1n.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from d5.uploadex.com.
Product:
Re-Loader By R@1n

Description:
Activator

Version:
2.0.2.6

MD5:
cec7746ea85ec0cc63c37bebccb43ca0

SHA-1:
280588c366c18ee6943c010302ed1932a310157f

SHA-256:
5457deeea6beb964ea1f9e57a2b06bf169ddd3d2a349ed0cf9d42bb2fd132136

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 12:39:53 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Strictor.100857
404

Arcabit
Trojan.Strictor.D189F9
1.0.0.637

avast!
Win64:PUP-gen [PUP]
2014.9-151227

Bitdefender
Gen:Variant.Strictor.100857
1.0.20.1805

Emsisoft Anti-Malware
Gen:Variant.Strictor.100857
8.15.12.27.01

F-Secure
Gen:Variant.Strictor.100857
11.2015-27-12_1

G Data
Gen:Variant.Strictor.100857
15.12.25

McAfee
Artemis!CEC7746EA85E
5600.6538

Microsoft Security Essentials
HackTool:Win32/Wpakill
1.1.12400.0

MicroWorld eScan
Gen:Variant.Strictor.100857
16.0.0.1083

Rising Antivirus
MSIL:Malware.Generic(Thunder)!1.A1C4 [F]
23.00.65.151225

File size:
2 MB (2,056,950 bytes)

Product version:
2.0.2.6

Copyright:
Copyright © By R@1n 2015

Original file name:
Activator.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\re-loaderbyr@1n.exe

File PE Metadata
Compilation timestamp:
12/9/2010 8:58:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:9Nn7IFFjjZwdyA8zAqgZ8cRqO3AIz0xxb0V++gXgEjIIxF+XqUHFRDc13G9nwrfQ:9JIFFpwdylk2epbzr8wCtUHM13Gxwgn

Entry address:
0x2E5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4 KB (4,096 bytes)

The file re-loaderbyr@1n.exe has been seen being distributed by the following URL.

Remove re-loaderbyr@1n.exe - Powered by Reason Core Security