home

tibia963.exe

Tibia

CipSoft GmbH

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
CipSoft GmbH

Product:
Tibia

Description:
Tibia Player 963

Version:
9.63

MD5:
7ba4d59a46942ec6acedbf35eb763909

SHA-1:
20e4124bafeb9c122493e719260e25f24b6acee1

SHA-256:
d6462f82fe6349f5ab5ba2e828c31f84e7ac086694c557c1aa1d67f77b79c281

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
1/13/2025 11:43:33 AM UTC  (today)

Scan engine
Detection
Engine version

Trend Micro House Call
Suspicious_GEN.F47V0302
7.2.124

ViRobot
Trojan.Win32.A.Yakes.32062618[h]
2014.3.20.0

File size:
30.6 MB (32,062,618 bytes)

Product version:
9.63

Copyright:
CipSoft GmbH

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\tibia963.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
786432:FBO0BMt8XPojJ+ptBKBRMzAp40ECH9yURew:FBOH8/aJ+zBKTGs4Nay2ew

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file tibia963.exe has been seen being distributed by the following 10 URLs.

http://gsf-cf.softonic.com/20e/412/.../file?SD_used=0&channel=WEB&fdh=no&id_file=65876&instance=softonic_br&type=PROGRAM&Expires=1477174248&Signature=f0XmGRV-sVZFRPloHPoJg-PE4Vyy79Y8OyHkzP9MIvDnCq1vWj30iIuV1msEd7HqXDmX~dWb-qCbm6ghG5HB7HkZHOCh1v4v2~qP7zkZUewWSH3SBEebE2SApFGsqdp7WJx98uRvqUc85S-SWNAV1Qh2656L5lSzlrJLKbzG02k_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=tibia963.exe

http://gsf-cf.softonic.com/20e/412/.../file?SD_used=0&channel=WEB&fdh=no&id_file=65876&instance=softonic_br&type=PROGRAM&Expires=1481068008&Signature=ZQmdUHI-I1XkCUFF~vzmSwGQOQbO4rjZGGpUEe3Hn32r-bQtSQcVom19vD~6eHJHSvIEigKKUHcEGvwd1nkueKS7LHoE9~ZDdlaXFAqWzCtqH36TVuagaQee7KlhYUUs~lr2QaOBvDNuqlarpTWh9jvTloqjAga-wO8eiCAhfT4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=tibia963.exe

http://gsf-cf.softonic.com/20e/412/.../file?SD_used=0&channel=WEB&fdh=no&id_file=65876&instance=softonic_br&type=PROGRAM&Expires=1481649180&Signature=U598YDDQwPvVDM7SawT4lM6B1uB9NVBJFjQArATtWT~TCO1cPEZEIwj3GK8qyaV9bC~MQyIfrX7qiHkScf5QqK9b9lVpkveyLRiwSNghcK0IDwbSP5wMacW70efZ-Hw7Tft6JFiPrrSxL~3YIsh64ZJoGsovmiRmrbfpDqsSp54_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=tibia963.exe

http://gsf-cf.softonic.com/20e/412/.../file?SD_used=0&channel=WEB&fdh=no&id_file=65876&instance=softonic_br&type=PROGRAM&Expires=1468926315&Signature=Tds38GCqKPpCqUIYVnkLwkFP7qVSV5zwsbGI4wZFq3NZwudvJPnpnUCPKSZkkjCuAXTnGu6jQO8sjoi8d59W1CQaOS9092cyiY09lg0YyAiAazvg9-qlMt-srDLfy7bHAhR06Xr2VLEC-UiKVOoKIp8T~bABirnb1DytkZvwlpw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=tibia963.exe

http://gsf-cf.softonic.com/20e/412/.../file?SD_used=0&channel=WEB&fdh=no&id_file=65876&instance=softonic_br&type=PROGRAM&Expires=1476629203&Signature=V5wq1kzBorIQmViMuX2Lb9~OOX8Hiq8Fn8mxYSfpkd5OJjumL9CA5NZcPERASo0SfNM-3Gq-PhmMb66AkgumcpsfTQ5~5yA0pY6UbjPkOvdVerYFYO-WPrrtQiLqQUHpmrjzGD2jdE5JDZJ50Dlmp9AaQI9RBjBCT2kqJy0QKf0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=tibia963.exe

http://gsf-cf.softonic.com/20e/412/.../file?SD_used=0&channel=WEB&fdh=no&id_file=65876&instance=softonic_br&type=PROGRAM&Expires=1481783476&Signature=ShKwcGw-zQtdkDkP06nMLi~~BchcLL5dkRmA0LTqx6brK86xWYMUhQdsW6XFCZRHZlYsqGkl5t43sWvELlsMvTzyz2XvCTfC8b~laYHIyhLlgnuGeP52~lWzC2sng~QXsiCqcM3JS2~BWGYB1iUk2wHUe5LJa6U287rMcg~SFuw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=tibia963.exe

http://gsf-cf.softonic.com/20e/412/.../file?SD_used=0&channel=WEB&fdh=no&id_file=65876&instance=softonic_br&type=PROGRAM&Expires=1479012486&Signature=ipWhskdwea45yYA-bAokMjvKDVhJiyt0eqFnZVv9wJ5-QsXXPzjo7vLI83XzsSPUX~HllxR91DiR5wWCjqlyJpkn9xXhVnID4Fja3BiwvmJM1Xv-7U1HhO7sfVEgnwwQ7ot6BRAqxjlUH11dqibEqpmDq8NnkTEPqAqGY5Pfq4I_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=tibia963.exe

http://static.tibia.com/.../tibia963.exe

http://gsf-cf.softonic.com/20e/412/.../file?SD_used=0&channel=WEB&fdh=no&id_file=65876&instance=softonic_br&type=PROGRAM&Expires=1433611967&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=JGpDYYUZiOa8We1psrxeTZW3-YN9vx5VAUTWlsV3bolTsSFmecQqba4viv9cgn8Xa1UeMLcndsbk6Ke3B211qmIXcS8OEgRBdQdb~UnkWFoFCc8HIGKVEEBe9u2ZZRmJXAeaQYWfUJ5u-obHuBGIHH4uZYQHtRMTIakuXBrJlhY_&filename=tibia963.exe

http://gsf-cf.softonic.com/20e/412/.../file?SD_used=0&channel=WEB&fdh=no&id_file=65876&instance=softonic_br&type=PROGRAM&Expires=1447393763&Signature=Qcs5krZ5-0u8FiDj-0LXQ9MLgR4Rgd7Evk2IT9WIThdxg61zLb9htPvJmJDH20wDhqvOAPgm9Nmd-YEKnT2ZDjq4ActtgdBO6W510VvR6kE4udSeuqgAEzVglJQMOqWqzSfE1xucLDetFVNgG6sjTdxHo3r848eRHGFtIKDVw-Y_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=tibia963.exe

Scan tibia963.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.