real_dominoes.exe

Media Contact LLC

The executable real_dominoes.exe ("Real Dominoes Setup") has been detected as malware by 9 anti-virus scanners. The program is a setup application built with the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from c.gametop.com.
Publisher:
Media Contact LLC

Description:
Real Dominoes Setup

MD5:
ce4e5d3e175b6c20e6b0e6fbb43348cf

SHA-1:
dc965614787bf7d5ef6048dfa7ee0cbf98354057

SHA-256:
cfdd6e69fb5924b5fe388ab74d61ae7fcde7028391a144d1538f822d360b6217

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/5/2024 10:30:25 PM UTC

Scan engine                    Detection                  Engine version
avast!                         Win32:SaliCode             160216-3
AVG                            Win32/Sality               2015.0.4533
Dr.Web                         Win32.Sector.30            9.0.1.05190
ESET NOD32                     Win32/Sality.NBA virus     8.0.319.0
F-Prot                         W32/Sality.E.gen           4.6.5.141
F-Secure                       Win32.Sality.3             5.15.21
Kaspersky                      Virus.Win32.Sality         15.0.0.562
McAfee                         Virus.W32/Sality.gen.z     18.0.204.0
Microsoft Security Essentials  Threat.Undefined           1.215.1710.0

File size:
2.2 MB (2,295,790 bytes)

Copyright:
Copyright (C) Media Contact LLC

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\real_dominoes.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:iGatTvRbBdLEnedM86nteiLmOp4IXDF2ziG0VLgfaSLn7A/nTBD7:jaTbB+86tyOp40DUYSLn7A/nTBv

Entry address:
0x98BC

Entry point:
4D, 34, 16, 89, CB, 81, C1, FD, E5, 8A, B8, EB, 04, F2, F6, C2, A0, 43, BF, 8D, 10, E4, 0D, 86, CF, 0F, B7, DD, 89, C8, 8A, DA, 57, EB, 09, 69, CE, 76, 02, A5, 4A, 8A, CC, 4F, 5D, 80, DA, 88, 0F, AF, EA, 85, F1, 69, CA, 89, 03, 0C, 67, 86, DB, 85, F2, 85, D1, 73, 07, F6, C4, CE, 85, C1, 34, B4, 57, 0F, AF, CA, BD, 74, 33, BC, C6, 8D, 3D, 22, 5A, 46, E2, E8, 47, 00, 00, 00, 88, FF, 88, EE, 86, D7, 80, EA, 0D, 8D, 2D, 4F, A3, 94, D4, 01, FB, 68, 31, 06, FA, FF, 70, 01, 45, 59, 81, DB, 41, F1, FF, 62, 09, DD...

Code size:
36 KB (36,864 bytes)

The file real_dominoes.exe has been seen being distributed by the following URL.
