survival.exe

The application survival.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from downloader.disk.yandex.ru and multiple other hosts.
Version: 1.0.0.0

MD5: 154ccd5a858ab9a743033bdfdd0270f7

SHA-1: beb0cacb627c9c0cec23b5b26ea3c465e494e362

SHA-256: 3c15a3eebedc6c86513e218a9d7acc21c302c9686203d8244f130ecf3e62693c

Scanner detections: 18 / 68

Status: Potentially unwanted

Analysis date: 11/5/2024 1:37:22 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
Arcabit | Trojan.Symmi.DDE4B | 1.0.0.590
AVG | Win32/Blacked | 2016.0.2930
Baidu Antivirus | PUA.Win32.GameCheat | 4.0.3.15119
Bitdefender | Gen:Variant.Symmi.56907 | 1.0.20.1565
Bkav FE | HW32.Packed | 1.3.0.7383
Emsisoft Anti-Malware | Gen:Variant.Symmi.56907 | 8.15.11.09.06
ESET NOD32 | Win32/GameCheat.H potentially unwanted (variant) | 9.12534
Fortinet FortiGate | Riskware/GameCheat | 11/9/2015
F-Secure | Gen:Variant.Symmi.56907 | 11.2015-09-11_2
G Data | Gen:Variant.Symmi.56907 | 15.11.25
Malwarebytes | Trojan.Banker | v2015.11.09.06
McAfee | Artemis!154CCD5A858A | 5600.6586
MicroWorld eScan | Gen:Variant.Symmi.56907 | 16.0.0.939
NANO AntiVirus | Trojan.Win32.GameCheat.dxzoze | 0.30.26.4437
Trend Micro | TROJ_GEN.R08NC0EDQ15 | 10.465.09
VIPRE Antivirus | Trojan.Win32.Generic | 45086
ViRobot | Trojan.Win32.S.Agent.1789952.O[h] | 2014.3.20.0

File size: 1.7 MB (1,789,952 bytes)

Product version: 1.0.0.0

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\downloads\survival.exe

File PE Metadata

Compilation timestamp: 6/20/1992 1:22:17 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.25

CTPH (ssdeep): 49152:NsbxO3JH/UehNxS1bm5k5sZlNQebDhOuvAfukNWsJp:+bxO3yJqOaXNQexRYhH

Entry address: 0x5B12F

Entry point: 55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, C5, 3E, 5C, 00, E6, 97, DA, 15, E8, 07, 53, EE, F7, 5F, 46, 5B, CF, 04, F6, 0F, 13, 5B, 61, 10, A1, 98, A6, 37, FB, D6, FE, 3B, 64, A9, 69, 8D, A9, C0, 4F, BE, 96, A9, DD, 70, 69, D7, CE, E4, D1, 3D, 04, AE, FF, 31, 03, 1D, C9, 3A, 7F, F7, 4F, D2, 0F, 5D, 6B, A3, 2D, B4, DB, FE, 5C, B4, 0D, BF, 8D, 6D, 27, 16, CF, F5, E7, D6, 6C, ED, 52, 4C, F6, 08, 6D, 4E, 4B, 42, 32, 14, 17, 3D, C0, 7F, 2A, 94, 0D, B8, 22, 74...

Developed / compiled with: Microsoft Visual C++

Code size: 1.4 MB (1,435,136 bytes)

The file survival.exe has been seen being distributed by the following 4 URLs.

https://downloader.disk.yandex.ru/disk/c11f6febdba6f46a0dd5e3605aa3a532510f77a4517298037472bcf9359f2ebe/58401899/.../x-msdownload&fsize=1789952&hid=c878ab44a1f2722073e3e600d0bd6570&media_type=executable&tknv=v2

https://mega.nz/temporary/.../HlRkUR5B

http://download2078.mediafire.com/wugwx0yk7tfg/.../Survival Teleport.EXE

http://download1070.mediafire.com/3389b8whe6lg/.../Survival Teleport.EXE

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to a23-219-88-206.deploy.static.akamaitechnologies.com (23.219.88.206:80)

TCP (HTTP SSL): Connects to srv82-165-240-87.vk.com (87.240.165.82:443)

TCP (HTTP): Connects to a23-219-88-198.deploy.static.akamaitechnologies.com (23.219.88.198:80)

Remove survival.exe - Powered by Reason Core Security