tibiacast_3_1_58.exe

Armen2

httrack.com

The executable tibiacast_3_1_58.exe has been detected as malware by 4 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from docs.google.com.
Publisher:
Stellar Information System Ltd  (signed by httrack.com)

Product:
Armen2

Version:
1.00

MD5:
fdc9e8ed766a6274475f03e82f06c4ed

SHA-1:
2fc617f015c3f08831ae16da8b5f652a7b89c80a

SHA-256:
aa19f0a2102e30a3c56f7907b3d13d4240f50500dacc1f9121a0a8ac86327fb9

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
12/27/2024 3:22:24 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Malware-gen | 160518-2
ESET NOD32 | Win32/PSW.Tibia.NIC trojan | 8.0.319.0
Norman | Gen:Variant.Symmi.62427 | 28.05.2016 15:32:18

File size:
1.3 MB (1,325,136 bytes)

Product version:
1.00

Original file name:
Nitrophyte6.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\tibiacast_3_1_58.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
9/10/2014 8:46:50 AM

Valid to:
9/10/2015 8:46:50 AM

Subject:
E=roche@httrack.com, CN="Open Source Developer, httrack.com", O=httrack.com, C=FR

Issuer:
CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
1439B5713BC6C663A553F7871A3E1E63

File PE Metadata
Compilation timestamp:
3/17/2016 2:44:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:x+w5SXCiOGvw/P6SQj1HACJTefH6sbamhiOj3CK5k9:Yw5SXxnvw3UVnefH6sNhVjCK29

Entry address:
0x104C

Entry point:
68, 94, A2, 52, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 68, F7, 95, B2, E6, F7, 8A, 4E, 94, 5F, C5, 92, 36, 75, 0C, 0F, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 04, 00, 00, 00, 4D, 6F, 65, 6B, 6F, 00, F5, 02, 00, 00, 00, 00, FF, CC, 31, 00, 01, 1B, 8F, 8D, 0C, FA, 98, 92, 44, 81, 07, BF, 74, 38, FD, E6, 5C, 84, 9C, 5E, D1, F2, 6B, FD, 45, BC, FB, 22, 72, 8A, 63, E1, BD, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
 

Entropy:
7.9354

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
1.2 MB (1,290,240 bytes)

The file tibiacast_3_1_58.exe has been seen being distributed by the following URL.
