trainer v2.0.exe

The executable trainer v2.0.exe has been detected as malware by 19 of the 68 anti-virus scanners used. It is a setup program used to install the application, and it runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from dc720.4shared.com.
Version:
1.7.0.0

MD5:
8bde15f02072962ccbe3de21bedc2461

SHA-1:
d4f59db112b4ba01039906e33387ff5f84e82dea

SHA-256:
ff868b590ea52fca3b99ea7267ddf61ab69932efc444aea8535f0d4e91c9c467

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
11/23/2024 5:04:33 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | HackTool.CheatEngine | 7.1.1
Avira AntiVirus | TR/Gendal.582504 | 3.6.1.96
Baidu Antivirus | Hacktool.Win32.CheatEngine | 4.0.3.151016
Clam AntiVirus | Trojan.Agent-275153 | 0.98/21511
Comodo Security | UnclassifiedMalware | 21804
ESET NOD32 | Win32/HackTool.CheatEngine.AB potentially unsafe (variant) | 9.11493
Fortinet FortiGate | Riskware/CheatEngine | 10/16/2015
G Data | Win32.Trojan.Agent.ZDWQ2P | 15.10.25
IKARUS anti.virus | Trojan.Gendal | t3scan.1.8.9.0
Malwarebytes | HackTool.GamesCheat.Gen | v2015.10.16.01
McAfee | Artemis!8BDE15F02072 | 5600.6611
Norman | CheatEngine.QU | 11.20151016
Qihoo 360 Security | Win32/Trojan.3c5 | 1.0.0.1015
Reason Heuristics | Threat.Win.Reputation.IMP | 15.10.16.1
Sophos | CheatEngine | 4.98
Trend Micro House Call | TROJ_GEN.R0C1C0PHO14 | 7.2.289
Trend Micro | TROJ_GEN.R0C1C0PHO14 | 10.465.16
VIPRE Antivirus | Trojan.Win32.Delf.abt | 39440
Zillya! Antivirus | Tool.CheatEngine.Win32.870 | 2.0.0.2142

File size:
565.9 KB (579,497 bytes)

Product version:
1.2

File type:
Executable application (Win32 EXE)

Language:
Dutch (Netherlands)

Common path:
C:\users\{user}\downloads\plantas contra zombies mas trainer\trainer +7\trainer v2.0.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:5Rbu/jtigh+M9lbfx3yABdMD6iH4u3c+gFmV:3Osghzh/QG6fcBmV

Entry address:
0x75C14

Entry point:
55, 8B, EC, 83, C4, F0, B8, AC, 59, 47, 00, E8, 98, 07, F9, FF, A1, 64, B4, 47, 00, 8B, 00, E8, 00, 28, FE, FF, A1, 64, B4, 47, 00, 8B, 00, C6, 40, 5B, 00, 8B, 0D, 78, B3, 47, 00, A1, 64, B4, 47, 00, 8B, 00, 8B, 15, 44, 57, 47, 00, E8, F5, 27, FE, FF, A1, 64, B4, 47, 00, 8B, 00, E8, 69, 28, FE, FF, E8, A0, E5, F8, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
467.5 KB (478,720 bytes)

Scheduled Task
Task name:
{0CE1B241-BE96-4ABF-97A0-28489F06B229}

Trigger:
Registration (Runs on registration)
The file trainer v2.0.exe has been seen being distributed by the following URL.

Powered by Reason Core Security