update-middle-earth-shadow-of-mordor-update-5-build-v1808.18-dlc-multi-3dmgame.exe

Sistema operativo Microsoft Windows (Spanish for "Microsoft Windows operating system"; this is the product name claimed in the file's version information, not the actual origin of the file)

Smart Distribyushn, TOV

Although the file's version information names "Microsoft Corporation" as the publisher, the file is not from Microsoft. Its version resource was copied from the Spanish-language Windows 7 FreeCell binary (original file name freecell.exe.mui, version 6.1.7600.16385 win7_rtm.090713-1255, description "Archivo ejecutable para juego de Carta blanca", Spanish for "Executable file for the FreeCell game") so that the file looks like a legitimate system component. The Authenticode signature, by contrast, belongs to "Smart Distribyushn, TOV" of Kiev, Ukraine, issued by the COMODO RSA Code Signing CA. A signer that does not match the CompanyName in the version information is by itself a strong indicator of an impostor, as is a version string that claims a Windows 6.1 build while the PE header declares a required OS version of 5.1. The executable update-middle-earth-shadow-of-mordor-update-5-build-v1808.18-dlc-multi-3dmgame.exe was flagged by 1 of 68 anti-virus engines, and only by a heuristic PUP (potentially unwanted program) verdict, so the detection ratio alone is weak evidence; the hashes, the signer and the distribution domain below are the reliable pivots. Despite its name, which suggests a game update and DLC package, the file is a setup program that installs an application. It has been seen being downloaded from recordonlinefast.ru.
Publisher:
Microsoft Corporation  (signed by Smart Distribyushn, TOV)

Product:
Sistema operativo Microsoft® Windows® (Spanish: "Microsoft® Windows® operating system")

Description:
Archivo ejecutable para juego de Carta blanca (Spanish: "Executable file for the FreeCell game")

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
a3d698c870297a938b049dc9255ef7cc

SHA-1:
8acdcd80b33eafb1912acc4cbdf35aef54d7644f

SHA-256:
912a495442aef65a3445f01ab7a6f99785dbcdff10ddb0951d866cbc1c826c48

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/6/2024 12:33:48 AM UTC

Scan engine         Detection   Engine version
Reason Heuristics   PUP (M)     17.1.26.5

File size:
7.2 MB (7,570,984 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. Reservados todos los derechos. (Spanish: "All rights reserved.")

Original file name:
freecell.exe.mui

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\users\{user}\downloads\update-middle-earth-shadow-of-mordor-update-5-build-v1808.18-dlc-multi-3dmgame.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/20/2016 9:00:00 PM

Valid to:
5/11/2017 8:59:59 PM

Subject:
CN="Smart Distribyushn, TOV", OU=IT, O="Smart Distribyushn, TOV", STREET="vul. IVANA KUDRI, 37-A", L=Kiev, S=Kiev, PostalCode=01042, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
44F7AD0BD4F298AFA32D347ECF9E22C5

File PE Metadata
Compilation timestamp:
7/3/2015 8:36:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x7232E0

Entry point:
6A, 70, 68, 60, C8, B2, 00, E8, D0, 01, 00, 00, 33, DB, 53, 8B, 3D, 0C, D0, B2, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, 99, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, 99, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 5D, FC, 6A, 02, FF, 15, 58, D0, B2, 00, 59, 83, 0D, B0, CA, B2, 00, FF, 83, 0D, B4, CA...

Developed / compiled with:
Microsoft Visual C++ v7.1 (as reported by the compiler-identification heuristic; note that this disagrees with the linker version 12.0 recorded in the PE optional header, which corresponds to Visual Studio 2013, so the compiler attribution should be treated as unreliable)

Code size:
7.1 MB (7,485,440 bytes)
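The entry-point bytes above are the standard MSVC CRT startup stub: after `GetModuleHandleA` it checks the `MZ` and `PE\0\0` signatures, reads `OptionalHeader.Magic` (0x10B for PE32, 0x20B for PE32+), refuses to read `DataDirectory[14]` (the COM/CLR descriptor) unless `NumberOfRvaAndSizes` is greater than 14, and then calls `__set_app_type(2)` for a GUI application, which matches the "Windows GUI" subsystem listed here. The script below, an added example that is not part of this page and not code from the sample, re-implements that header walk in Python over a constructed minimal PE32 header whose fields mirror the values reported above (linker 12.0, GUI subsystem, entry RVA 0x7232E0, OS version 5.1, compile timestamp 2015-07-03 20:36:44 taken as UTC, an assumption since the page does not give a time zone) and then runs the metadata consistency checks a reviewer would apply to the publisher, version and certificate fields from the sections above. The certificate validity dates are likewise taken as UTC; the functions `build_pe32_header`, `parse_nt_headers`, `triage` and `demo` are names chosen here for illustration.

```python
import struct
from datetime import datetime, timezone

# Constructed values for the example (NOT the sample's bytes): the page's
# compile timestamp 2015-07-03 20:36:44, assumed UTC, as a Unix time.
PAGE_TIMESTAMP = 1435955804

# Linker versions whose Visual Studio release is well established.
LINKER_TO_VS = {(7, 10): "VS .NET 2003 (VC++ 7.1)", (8, 0): "VS 2005",
                (9, 0): "VS 2008", (10, 0): "VS 2010", (11, 0): "VS 2012",
                (12, 0): "VS 2013", (14, 0): "VS 2015"}


def build_pe32_header(timestamp=PAGE_TIMESTAMP, linker=(12, 0), subsystem=2,
                      entry=0x7232E0, os_version=(5, 1), n_dirs=16,
                      clr_dir=(0, 0)):
    """Assemble a minimal MZ stub + PE signature + COFF + PE32 optional header.
    This is a constructed test image, not the malware sample."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)        # e_lfanew -> PE header
    opt_size = 96 + 8 * n_dirs                          # PE32 fixed part + dirs
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, linker[0], linker[1],
                      0, 0, 0, entry, 0, 0)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200,
                       os_version[0], os_version[1], 0, 0, 5, 1, 0,
                       0x800000, 0x400, 0, subsystem, 0,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, n_dirs)
    dirs = b"".join(struct.pack("<II", *(clr_dir if i == 14 else (0, 0)))
                    for i in range(n_dirs))
    return bytes(dos) + b"PE\0\0" + coff + opt + dirs


def parse_nt_headers(data):
    """Walk MZ -> e_lfanew -> PE\\0\\0 -> COFF -> optional header, the same
    path the sample's entry stub takes, and return the triage-relevant fields."""
    if data[:2] != b"MZ":                               # cmp word [eax],'MZ'
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # mov ecx,[eax+3Ch]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":        # cmp dword [ecx],'PE'
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt)  # movzx [ecx+18h]
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    os_version = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    if magic == 0x10B:        # PE32:  NumberOfRvaAndSizes at [ecx+74h]
        n_dirs_off, dir_base = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+: NumberOfRvaAndSizes at [ecx+84h]
        n_dirs_off, dir_base = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional-header magic 0x%X" % magic)
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    # The CRT only reads DataDirectory[14] (COM descriptor) when the table has
    # more than 14 entries: 'cmp dword ptr [ecx+74h],0Eh ; jbe'.
    clr_rva = 0
    if n_dirs > 14:
        clr_rva = struct.unpack_from("<I", data, dir_base + 14 * 8)[0]
    return {"machine": machine,
            "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc),
            "linker": (lmaj, lmin),
            "toolchain": LINKER_TO_VS.get((lmaj, lmin), "unknown"),
            "entry_rva": entry, "os_version": tuple(os_version),
            "subsystem": subsystem, "managed": clr_rva != 0}


def triage(hdr, signer_cn, cert_not_after, analysis_time, vi):
    """Return the metadata inconsistencies a reviewer would flag."""
    flags = []
    if vi["CompanyName"] != signer_cn:
        flags.append("CompanyName %r does not match Authenticode signer %r"
                     % (vi["CompanyName"], signer_cn))
    claimed = tuple(int(x) for x in vi["FileVersion"].split(".")[:2])
    if claimed != hdr["os_version"]:
        flags.append("FileVersion claims a Windows %d.%d build but the header "
                     "targets OS %d.%d" % (claimed + hdr["os_version"]))
    if not vi["OriginalFilename"].lower().endswith(".exe"):
        flags.append("OriginalFilename %r is not an .exe name (.mui files are "
                     "resource-only DLLs)" % vi["OriginalFilename"])
    if hdr["compiled"] > cert_not_after:
        flags.append("compile timestamp is after the signing certificate expired")
    if hdr["compiled"] > analysis_time:
        flags.append("compile timestamp is in the future")
    return flags


def demo():
    """Run the checks with the values the page reports (dates assumed UTC)."""
    vi = {"CompanyName": "Microsoft Corporation",
          "FileVersion": "6.1.7600.16385",
          "OriginalFilename": "freecell.exe.mui"}
    return triage(parse_nt_headers(build_pe32_header()),
                  "Smart Distribyushn, TOV",
                  datetime(2017, 5, 11, 20, 59, 59, tzinfo=timezone.utc),
                  datetime(2024, 11, 6, 0, 33, 48, tzinfo=timezone.utc), vi)


if __name__ == "__main__":
    for flag in demo():
        print("FLAG:", flag)
```

With the page's values `demo()` yields three flags: the publisher mismatch, the 6.1-versus-5.1 version contradiction, and the `.mui` original file name; the certificate and timestamp checks pass, which is the expected picture for a file compiled in 2015 and signed with a certificate valid from 2016 to 2017. To run the header parser against a real file, pass `open(path, "rb").read()` to `parse_nt_headers`; the version-information and signer values would then come from a resource parser and an Authenticode verifier, which this example deliberately does not reimplement.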

The file update-middle-earth-shadow-of-mordor-update-5-build-v1808.18-dlc-multi-3dmgame.exe has been observed being distributed from the following URL (recorded in truncated form):

http://recordonlinefast.ru/1470416826123326242/update-middle-earth-shadow-of-mordor-update-5-build-v1808/.../?load=1&ippid=1