TTR GE.exe

TTR Game Enhancer

TTR Game Enhancers

This is a setup program which is used to install the application. The file has been seen being downloaded from mg.mail.yahoo.com.
Publisher:
TTR Game Enhancers  (signed and verified)

Product:
TTR Game Enhancer

Description:
TTR Game Enhancers

Version:
0.0.0.0

MD5:
54ca1be2f8d2a8aa6a8b8140f95c6dc0

SHA-1:
688d1e79841ae4abf27664fb83994554674b7424

SHA-256:
490688b7f5f561e7868d3fb2005f1770448771887f841ad96dc2a847aa4f5259

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
1/13/2025 4:06:19 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | W32.HfsAutoB | 1.3.0.7383 |
| Qihoo 360 Security | HEUR/QVM19.1.Malware.Gen | 1.0.0.1077 |

File size:
2.6 MB (2,754,032 bytes)

Product version:
0.0.0.0

Original file name:
TTR GE.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Digital Signature
Authority:
TTR Game Enhancers

Valid from:
6/18/2015 11:00:00 PM

Valid to:
6/18/2016 11:00:00 PM

Subject:
CN=TTR Game Enhancers

Issuer:
CN=TTR Game Enhancers

Serial number:
2B5EDAC3E76B788A4A28BD8C10B8B5D8

File PE Metadata
Compilation timestamp:
12/9/2015 12:19:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
48.0

CTPH (ssdeep):
49152:o/mShen+Z0ueLnq2pTgmtQJBUfzAuOkoT9oJLnNYrCEXJAV9CUf:yW+Z0zqeQJBUfMuBoEnN3EXJa9Xf

Entry address:
0x518000

Entry point:
50, C7, 04, 24, A2, 49, 05, 07, 89, 2C, 24, 89, 34, 24, 68, 54, 35, F6, 4F, 89, 0C, 24, C7, 04, 24, 3B, 2F, CD, 4E, 89, 04, 24, 50, 89, E0, 05, 04, 00, 00, 00, 83, E8, 04, 87, 04, 24, 8B, 24, 24, 89, 1C, 24, E8, 01, 00, 00, 00, CC, 8B, 04, 24, 68, 19, 83, BA, 29, 89, 34, 24, 89, E6, 81, C6, 04, 00, 00, 00, 83, C6, 04, 87, 34, 24, 5C, 68, F3, C3, 83, 33, 89, 34, 24, 50, 81, 2C, 24, 4F, 01, 76, 5A, 5E, 81, C6, 4F, 01, 76, 5A, 89, F3, 5E, 52, 57, BF, 99, 5F, ED, 1F, BA, 98, 5F, ED, 1F, 31, FA, 5F, 01, D0, 5A...
 

Entropy:
7.8909  (probably packed)

Code size:
611.5 KB (626,176 bytes)

The file TTR GE.exe has been seen being distributed by the following URL.

Scan TTR GE.exe - Powered by Reason Core Security