SAM.Picker.exe

The executable SAM.Picker.exe, “Steam Achievement Manager Picker”, has been detected as malware by 9 anti-virus scanners. While running, it connects to the Internet address metro.volia.net on port 80 using the HTTP protocol.

Publisher:
Party Princess Palace

Product:
SAM.Picker

Description:
Steam Achievement Manager Picker

Version:
6.2.0.797

MD5:
6e4caca6ed78db206f0e9d2c91a3eb97

SHA-1:
fa77ef464c53ae9eb3ab3fb8b6cf8a19044a5667

SHA-256:
746986bc99e748b82527214609774d85d55cf38d72e93e920560e9a89ca8ce3c

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
12/28/2024 6:33:48 PM UTC

Scan engine          Detection                Engine version
Avira AntiVirus      TR/Dropper.Gen           7.11.149.206
AVG                  Dropper.Generic4         2015.0.3470
Baidu Antivirus      Trojan.MSIL.Packed       4.0.3.14519
Bkav FE              W32.Cloda2d.Trojan       1.3.0.4959
ESET NOD32           MSIL/GameTool            8.9803
IKARUS anti.virus    Trojan-Dropper           t3scan.1.6.1.0
McAfee               Artemis!6E4CACA6ED78     5600.7126
Norman               Suspicious_Gen4.AIBTL    11.20140519
VIPRE Antivirus      Win32.Malware!Drop       29230

File size:
97.2 KB (99,560 bytes)

Product version:
6.2.0.797

Copyright:
Copyright © PPP 2010

Original file name:
SAM.Picker.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\steamachievementmaneger\sam.picker.exe

File PE Metadata
Compilation timestamp:
7/2/2011 5:30:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:rmaa6KurmF0M8zQu+kgNrX3P9F2ZlnRbal:iaa0rpVQrX/aZnbal

Entry address:
0x122EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
65 KB (66,560 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to lljk.net  (67.228.98.218:80)

TCP (HTTP):
Connects to metro.volia.net  (77.120.60.169:80)
