tibia854.exe

CipSoft GmbH

The executable tibia854.exe, “Tibia Player 854”, has been detected as malware by 12 anti-virus scanners. This is a setup program which is used to install the application. It is infected by the Parite virus, a polymorphic file-infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from dc345.4shared.com.
Publisher:
CipSoft GmbH

Description:
Tibia Player 854

Version:
8.54

MD5:
ab2fc9d0284053bc6372e33635633d4b

SHA-1:
2f1d649d062ca67b5be2441f48f21197f166d110

SHA-256:
203389566635c62f36566a675695a485aeccdfaa1bc221ef0d95e3deaffeeffc

Scanner detections:
12 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/23/2024 9:19:29 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Parite | 160327-1 |
| AVG | Win32/Parite | 2015.0.4568 |
| Dr.Web | Win32.Parite.2 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Parite | 11.5.0.6191 |
| ESET NOD32 | Win32/Parite.B virus | 8.0.319.0 |
| F-Prot | W32/Parite.B | 4.6.5.141 |
| Kaspersky | Virus.Win32.Parite | 15.0.0.562 |
| McAfee | Virus.W32/Pate.b | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.219.2175.0 |
| Norman | Win32.Parite.B | 02.04.2016 17:35:19 |
| Sophos | Virus 'W32/Parite-B' | 5.23 |

File size:
718.5 KB (735,706 bytes)

Copyright:
CipSoft GmbH

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\tibia854.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:qmkOyGu2zp+FxnyTVcjoxhPrvQ+Lg8pbAm1vW4WysuuFaOw1ZFgV9:qfOyizp4yTVcjWhPrvxU8mmR7sAL+/

Entry address:
0x13000

Entry point:
B8, F7, B1, 2B, 05, 68, 20, 30, 41, 00, 5F, 90, 68, 98, 05, 00, 00, 5A, FF, 34, 3A, 31, 04, 24, 8F, 04, 3A, 83, EA, 03, 4A, 90, 75, F0, 90, 90, 1F, CC, 2A, 05, F7, B1, 2B, 05, F7, B1, 6B, 05, 2F, 29, 2B, 05, 87, 33, 23, 05, 2D, 38, 23, 05, F7, 01, 29, 05, 08, 4E, D4, FA, 43, 71, 6B, 05, 93, 73, 6B, 05, 8B, 73, 6B, 05, F7, B1, 2B, 05, F7, B1, 2B, 05, F7, B1, 2B, 05, 43, 29, 2B, 05, 95, 73, 2B, 05, 8D, 73, 2B, 05, F7, B1, 2B, 05, F7, B1, 2B, 05, F7, B1, 2B, 05, F7, B1, 2B, 05, EB, 70, 6B, 05, F7, B1, 2B, 05...
 

Code size:
36 KB (36,864 bytes)

The file tibia854.exe has been seen being distributed by the following URL.
