home

tf2 idle.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from s5920.chomikuj.pl.
MD5:
eb48d9a5fd40ae3ca715faacf4ec469a

SHA-1:
f49a6d45edecdbacb5e222bb07bac193226e8fdd

SHA-256:
3c28b84af07196d83e2863ab53f84c5e3d7c46e2e1bb60b0a3069d8024a430a0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/8/2024 11:03:36 AM UTC  (today)

File size:
6.3 MB (6,570,453 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\tf2 idle.exe

File PE Metadata
Compilation timestamp:
9/26/2013 4:10:03 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.22

CTPH (ssdeep):
49152:K+UIS0L+0UNoe0jaDSPuoG+Tctpg1dlj6r:40bAoe0jaa/dlj6r

Entry address:
0x14E0

Entry point:
48, 83, EC, 28, C7, 05, 92, 7B, 0A, 00, 00, 00, 00, 00, E8, 1D, 8C, 00, 00, E8, 88, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, 55, 48, 89, E5, 53, 48, 83, EC, 38, E8, E2, 8B, 00, 00, 48, 8D, 15, 0B, 4B, 09, 00, 48, 8D, 0D, 44, FD, 08, 00, E8, 0F, 10, 08, 00, 48, 8D, 15, 11, 4B, 09, 00, 48, 8D, 0D, 31, FD, 08, 00, E8, FC, 0F, 08, 00, 48, 8D, 15, 15, 4B, 09, 00, 48, 8D, 0D, 1E, FD, 08, 00, E8, E9, 0F, 08, 00, 48, 8D, 15, 4A, 4B, 09, 00, 48, 8D, 0D, 0B, FD, 08, 00, E8, D6, 0F, 08, 00, 48, 8D, 15, 87, 4B, 09...
 
[+]

Code size:
543.5 KB (556,544 bytes)

The file tf2 idle.exe has been seen being distributed by the following URL.

http://s5920.chomikuj.pl/File.aspx?e=qILHOdimvAsD1NDl0Wqnu10FfGfFYqjXIdEmmxN07vHi5JErll1zz93XNY8aAkvYUZSH68WOWCtVvGBsX6POQBwfrDZO45X9eSf_iv4ROoTEpxX52mwxc_eKdlWgT5vAUeL9gsV1r-L9_N47rb1Gdg&pv=2

Scan tf2 idle.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.