» re-loaderbyr@1n.exe
Overview
Analysis
File Details
Downloads (2)

re-loaderbyr@1n.exe

Re-Loader By R@1n

The application re-loaderbyr@1n.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from d5.usercdn.com and multiple other hosts.

File name:

re-loaderbyr@1n.exe

Product:

Re-Loader By R@1n

Description:

Activator

Version:

2.0.2.3

MD5:

6ecda49498c21201863980a28079b669

SHA-1:

8f11d6a6b1fc3eea545e45b410993c50aae8c53e

SHA-256:

58c19f4e5c84201037cfba23847cc9fe7d3b92c6523654343405d7e175854d67

Scanner detections:

11 / 68

Status:

Potentially unwanted

Analysis date:

11/1/2024 9:27:41 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Strictor.100857

414

Arcabit

Trojan.Strictor.D189F9

1.0.0.629

avast!

Win64:PUP-gen [PUP]

2014.9-151217

Bitdefender

Gen:Variant.Strictor.100857

1.0.20.1755

Emsisoft Anti-Malware

Gen:Variant.Strictor.100857

8.15.12.17.05

F-Secure

Gen:Variant.Strictor.100857

11.2015-17-12_5

G Data

Gen:Variant.Strictor.100857

15.12.25

McAfee

Artemis!6ECDA49498C2

5600.6548

Microsoft Security Essentials

HackTool:Win32/Wpakill

1.1.12400.0

MicroWorld eScan

Gen:Variant.Strictor.100857

16.0.0.1053

Rising Antivirus

MSIL:Malware.Generic(Thunder)!1.A1C4 [F]

23.00.65.151215

File size:

2 MB (2,056,495 bytes)

Product version:

2.0.2.3

Original file name:

Activator.exe

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

12/9/2010 9:58:13 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

24576:SQ1Pc1VxB0gOpnrER29UOYeZcz0xxb0V++gXgEjIIxF+XqUHFRDc13G9nwrfMB8h:SAk1V3GY29dYiczr8wCtUHM13Gxwgq

Entry address:

0x2E5E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

4 KB (4,096 bytes)

The file re-loaderbyr@1n.exe has been seen being distributed by the following 2 URLs.

https://d5.usercdn.com/d/.../10.exe

https://userscloud.com/fd5a2t5i7dxa

Remove re-loaderbyr@1n.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.