trainer.exe

The executable trainer.exe has been detected as malware by 10 anti-virus scanners. The file has been seen being downloaded from s10158.chomikuj.pl.
MD5:
b88875d3af50ed7ac13349c4a9b6df87

SHA-1:
c4ac52a0beea2ad5fd76b8ab0e09f607c867913d

SHA-256:
4d156e453a6b963f4e1974ce8f1048855df96a47d236b1fa2009333bc73a99bf

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/30/2024 10:12:45 AM UTC

Scan engine         Detection                                        Engine version
AVG                 Skodna.GameHack                                  2017.0.2844
Baidu Antivirus     Hacktool.Win32.GameHack                          4.0.3.1623
ESET NOD32          Win32/GameHack.G potentially unsafe (variant)    10.12801
F-Prot              W32/GameHack.B.gen                               v6.4.7.1.166
G Data              Win32.Application.Agent.SASMOL                   16.2.25
K7 AntiVirus        Trojan                                           13.212.18273
NANO AntiVirus      Trojan.Win32.XPACK.qqahv                         1.0.14.5380
SUPERAntiSpyware    Trojan.Agent/Gen-GameHack                        9346
Trend Micro         TROJ_GEN.R092C0OK515                             10.465.03
VIPRE Antivirus     Trojan.Win32.Generic                             46182

File size:
35 KB (35,840 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\trainer.exe

File PE Metadata
Compilation timestamp:
6/23/2003 4:02:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
768:5ThyVBThKaB4Hqmz56nyDVaiI78DISIsEsCBaSyXGCGHJdFV4O:3aBezRDAi2gl7HCngGTHY

Entry address:
0x1000

Entry point:
6A, 00, E8, F9, 10, 00, 00, A3, B8, 45, 40, 00, 6A, 00, 68, 28, 10, 40, 00, 6A, 00, 6A, 64, FF, 35, B8, 45, 40, 00, E8, A8, 10, 00, 00, 50, E8, D2, 10, 00, 00, 55, 8B, EC, 81, 7D, 0C, 10, 01, 00, 00, 75, 36, 8B, 45, 08, A3, 6B, 45, 40, 00, 68, C8, 00, 00, 00, FF, 75, 08, E8, 8D, 10, 00, 00, 50, E8, 99, 10, 00, 00, 6A, 00, 6A, 50, 68, A0, 0F, 00, 00, FF, 75, 08, E8, 8E, 10, 00, 00, E8, DE, 0F, 00, 00, E9, A1, 0F, 00, 00, 83, 7D, 0C, 10, 75, 0C, 6A, 00, E8, 83, 10, 00, 00, E9, 8F, 0F, 00, 00, 81, 7D, 0C, 13...

Entropy:
7.2158

Packer / compiler:
TASM / MASM

Code size:
4.5 KB (4,608 bytes)

The file trainer.exe has been seen being distributed by the following URL.
