» shadowofmordor.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Downloads (2)

shadowofmordor.exe

Middle-earth: Shadow of Mordor

WB Games, Inc.

This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from s6783.chomikuj.pl and multiple other hosts.

File name:

shadowofmordor.exe

Publisher:

WB Games, Inc.

Product:

Middle-earth: Shadow of Mordor™

Version:

1.0.1636.20

MD5:

5a1f63b7ac4c550cfc9a172c46f93ce5

SHA-1:

6bf70762fc3484215c9740c09cc4aa5cd1bbb8ba

SHA-256:

d2405541ae5ea639907d91fff07c0f65c12e8d855e21528d28c6b9c6bf41dc64

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/30/2024 10:16:53 AM UTC (today)

File size:

26.3 MB (27,605,504 bytes)

Product version:

1.0.1636.20

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\middle.earth.shadow.of.mordor.hd.texture.pack.addon-codex\codex\x64\shadowofmordor.exe

File PE Metadata

Compilation timestamp:

9/18/2014 6:25:40 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

393216:dGh5xOdGnL8V9pDQkgLIyY1De7jYzrhu55KpiOETy2:Nljhu5Py2

Entry address:

0xEF4FA4

Entry point:

48, 83, EC, 28, E8, 67, 06, 00, 00, 48, 83, C4, 28, E9, 26, FD, FF, FF, FF, 25, A4, BA, 48, 00, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 0D, 3C, 99, B0, 00, FF, 15, B6, B2, 48, 00, 48, 89, 44, 24, 38, 48, 83, F8, FF, 75, 0B, 48, 8B, CB, FF, 15, A2, B7, 48, 00, EB, 7E, B9, 08, 00, 00, 00, E8, E2, 06, 00, 00, 90, 48, 8B, 0D, 0E, 99, B0, 00, FF, 15, 88, B2, 48, 00, 48, 89, 44, 24, 38, 48, 8B, 0D, F4, 98, B0, 00, FF, 15, 76, B2, 48, 00, 48, 89, 44, 24, 40, 48, 8B, CB, FF, 15, 70, B2, 48, 00, 48, 8B, C8, 4C... 
[+]

Code size:

19.5 MB (20,441,088 bytes)

Scheduled Task

Task name:

{3B6095A1-DE55-434C-ABC8-06DBDA278561}

Trigger:

Registration (Runs on registration)

The file shadowofmordor.exe has been discovered within the following program.

Middle Earth Shadow of Mordor by Black Box

www.ggamez.net

About 3% of users remove it

The file shadowofmordor.exe has been seen being distributed by the following 2 URLs.

http://s6783.chomikuj.pl/File.aspx?e=ckD2rqPkPslkFd1hxcJc_adqFfQGl8YjnDESrp81S0aqAEg1m542dLF3CNS8m2yxGVMX6B8Cdktc-8b0oNdyEG6I6FaGgeDcdM4ErqiZWp17ATRohgqF675q62y65b8LWTfezyDTsyifIzekAHE8Og&pv=2

https://www.dropbox.com/s/.../ShadowOfMordor.exe

Scan shadowofmordor.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.