» trainer.exe
Overview
Analysis
File Details
Downloads (1)

trainer.exe

The executable trainer.exe has been detected as malware by 10 anti-virus scanners. The file has been seen being downloaded from s10158.chomikuj.pl.

File name:

trainer.exe

MD5:

b88875d3af50ed7ac13349c4a9b6df87

SHA-1:

c4ac52a0beea2ad5fd76b8ab0e09f607c867913d

SHA-256:

4d156e453a6b963f4e1974ce8f1048855df96a47d236b1fa2009333bc73a99bf

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

11/30/2024 10:12:45 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Skodna.GameHack

2017.0.2844

Baidu Antivirus

Hacktool.Win32.GameHack

4.0.3.1623

ESET NOD32

Win32/GameHack.G potentially unsafe (variant)

10.12801

F-Prot

W32/GameHack.B.gen

v6.4.7.1.166

G Data

Win32.Application.Agent.SASMOL

16.2.25

K7 AntiVirus

Trojan

13.212.18273

NANO AntiVirus

Trojan.Win32.XPACK.qqahv

1.0.14.5380

SUPERAntiSpyware

Trojan.Agent/Gen-GameHack

9346

Trend Micro

TROJ_GEN.R092C0OK515

10.465.03

VIPRE Antivirus

Trojan.Win32.Generic

46182

File size:

35 KB (35,840 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\trainer.exe

File PE Metadata

Compilation timestamp:

6/23/2003 4:02:42 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

768:5ThyVBThKaB4Hqmz56nyDVaiI78DISIsEsCBaSyXGCGHJdFV4O:3aBezRDAi2gl7HCngGTHY

Entry address:

0x1000

Entry point:

6A, 00, E8, F9, 10, 00, 00, A3, B8, 45, 40, 00, 6A, 00, 68, 28, 10, 40, 00, 6A, 00, 6A, 64, FF, 35, B8, 45, 40, 00, E8, A8, 10, 00, 00, 50, E8, D2, 10, 00, 00, 55, 8B, EC, 81, 7D, 0C, 10, 01, 00, 00, 75, 36, 8B, 45, 08, A3, 6B, 45, 40, 00, 68, C8, 00, 00, 00, FF, 75, 08, E8, 8D, 10, 00, 00, 50, E8, 99, 10, 00, 00, 6A, 00, 6A, 50, 68, A0, 0F, 00, 00, FF, 75, 08, E8, 8E, 10, 00, 00, E8, DE, 0F, 00, 00, E9, A1, 0F, 00, 00, 83, 7D, 0C, 10, 75, 0C, 6A, 00, E8, 83, 10, 00, 00, E9, 8F, 0F, 00, 00, 81, 7D, 0C, 13... 
[+]

Entropy:

7.2158

Packer / compiler:

TASM / MASM

Code size:

4.5 KB (4,608 bytes)

The file trainer.exe has been seen being distributed by the following URL.

http://s10158.chomikuj.pl/File.aspx?e=YZoa_KVv-D7EjzPIX7XMxo9DyML3afxH6wUi2ZoOUcuLLOkkxg0Ch7oX2P27ZS-Zwp5___L4U0PqZ3zQIkiJ6uG_XKipmQQSOZIAegc288YXqzID-vyFpCcIPZkC1lMY&pv=2

Remove trainer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.