» the-elder-scrolls-v-skyrim-.exe
Overview
Analysis
File Details
Downloads (1)

the-elder-scrolls-v-skyrim-.exe

LLC

The application the-elder-scrolls-v-skyrim-.exe by LLC has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from svajhfrgfvfsdh.ru.

File name:

Publisher:

LLC (signed and verified)

Version:

3.2.8.2

MD5:

fa7a33f642fe94e20fe45ab62dafb8bb

SHA-1:

9d484b64f561e39ba7aa695226b77e054197124b

SHA-256:

e2b594829bd5cf6854455e363c188164fc69da7b044a695bd5553cf7db4af6f9

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/24/2024 4:10:19 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Amonitize (M)

16.3.1.3

File size:

3.5 MB (3,712,472 bytes)

Product version:

3.2.8.2

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\the-elder-scrolls-v-skyrim-.exe

Digital Signature

Signed by:

LLC

Authority:

COMODO CA Limited

Valid from:

10/1/2015 3:00:00 AM

Valid to:

10/1/2016 2:59:59 AM

Subject:

CN="LLC ""AZ SOFT""", O="LLC ""AZ SOFT""", STREET="Vulytsya Dalnytska, Budynok 23/4, Ofis 310", L=Odesa, S=Odeska, PostalCode=65005, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

3CCA67117AE7C5BE2F99ECBA3ECC9F69

File PE Metadata

Compilation timestamp:

12/9/2009 8:07:48 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

49152:qgwGHz6ObgdDajjfa5GXnA7+DH7Gez669QWMiFbpGRLRN:PwO6O4Davfa5GXnA7+DH7GeGSAJRN

Entry address:

0x1406F0

Entry point:

55, 8B, EC, 81, EC, 34, 02, 00, 00, 8B, 85, 30, FF, FF, FF, 8B, 8D, 38, FE, FF, FF, D3, E8, 89, 85, E0, FD, FF, FF, C7, 85, 44, FE, FF, FF, F0, 85, F5, FF, 8B, 4D, C4, 81, C9, 48, B3, 0A, 00, 89, 8D, 00, FF, FF, FF, 8B, 8D, 08, FF, FF, FF, 81, C1, EE, AB, 0E, 00, BA, D8, 92, F1, FF, D3, FA, 89, 95, 38, FE, FF, FF, 8B, 85, 60, FE, FF, FF, C1, E0, C5, 66, 89, 45, 8C, 33, C9, 66, 89, 8D, 70, FE, FF, FF, BA, 2B, 6C, 06, 00, 2B, 55, A4, 89, 95, 70, FF, FF, FF, C7, 85, 34, FF, FF, FF, 8C, 9D, 0B, 00, C7, 85, 7C... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

1.6 MB (1,700,352 bytes)

The file the-elder-scrolls-v-skyrim-.exe has been seen being distributed by the following URL.

http://svajhfrgfvfsdh.ru/.../index.php?code_s=MTc0OjE4MjcxMGUzNjlhMjdlMmNmYzY3OWM4ZmVhMzM5M2E1

Remove the-elder-scrolls-v-skyrim-.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.