v0.999b7 (patch 1.0.7.0. and eflc 1.1.2.0) by rainer.exe

The executable v0.999b7 (patch 1.0.7.0. and eflc 1.1.2.0) by rainer.exe has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download1364.mediafire.com and multiple other hosts.
MD5:
54c06b57e4ef3eaf01f63f116638606c

SHA-1:
f03d31494271879d7b52f78ff3973f1db72bc590

SHA-256:
12d5d8bd2a914c66727757f4a35b8b95b6038fb9919dbee19ff51f3f4cf441ac

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
12/25/2024 3:46:11 PM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/Backdoor2.HMGF
v6.4.7.1.166

K7 AntiVirus
Riskware
13.210.17219

McAfee
RDN/Generic.dx!czp
5600.6586

Sophos
Troj/Agent-XCR
4.98

Trend Micro House Call
HKTL_GAMEHACK
7.2.313

Trend Micro
HKTL_GAMEHACK
10.465.09

VIPRE Antivirus
Trojan.Win32.Generic
43770

ViRobot
Trojan.Win32.A.Badur.397302[h]
2014.3.20.0

File size:
388 KB (397,302 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\v0.999b7 (patch 1.0.7.0. and eflc 1.1.2.0) by rainer.exe

File PE Metadata
Compilation timestamp:
4/18/2006 1:15:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
6144:/b99ZwNPbgI/ZuGUvFFsV8R4QWG7kTjBc2vSg3VgEoOIm1cHOlAPXpbvrQ1BqfK7:DfZw/YjNFYIejfSEPtID4Kpbjk97

Entry address:
0x1000

Entry point:
E8, BF, 27, 00, 00, 50, E8, 4B, 29, 01, 00, 00, 00, 00, 00, 90, 55, 8B, EC, 53, 56, 57, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, D3, FF, 75, 14, 68, E5, 40, 41, 00, 6A, 00, 6A, 00, 8B, C6, 8B, CF, E8, 4A, 43, 00, 00, 81, EB, 10, 01, 00, 00, 74, 05, 4B, 74, 14, EB, 57, FF, 75, 14, 6A, 66, 56, E8, A2, 2B, 01, 00, B8, 01, 00, 00, 00, EB, 47, 66, 81, E7, FF, FF, 66, FF, CF, 74, 07, 66, FF, CF, 74, 23, EB, 30, 68, 80, 00, 00, 00, 68, E0, 50, 41, 00, 6A, 65, 56, E8, E8, 2A, 01, 00, 6A, 01, 56, E8, C2, 2A, 01, 00...
 
[+]

Code size:
76 KB (77,824 bytes)

The file v0.999b7 (patch 1.0.7.0. and eflc 1.1.2.0) by rainer.exe has been seen being distributed by the following 14 URLs.

http://download1364.mediafire.com/vwcvs5u83kog/.../v0.999b7 (patch 1.0.7.0. and EFLC 1.1.2.0) by Rainer.exe

http://download1364.mediafire.com/otqqpb2ybatg/.../v0.999b7 (patch 1.0.7.0. and EFLC 1.1.2.0) by Rainer.exe

http://download1364.mediafire.com/2mj6u4l45yfg/.../v0.999b7 (patch 1.0.7.0. and EFLC 1.1.2.0) by Rainer.exe

http://download1364.mediafire.com/3ryex9mukfdg/.../v0.999b7 (patch 1.0.7.0. and EFLC 1.1.2.0) by Rainer.exe

http://download839.mediafire.com/edt9gvi6tovg/.../v0.999b7 (patch 1.0.7.0. and EFLC 1.1.2.0) by Rainer.exe

http://download1364.mediafire.com/i04ecdubmdug/.../v0.999b7 (patch 1.0.7.0. and EFLC 1.1.2.0) by Rainer.exe

http://download1364.mediafire.com/xj7h7311yuug/.../v0.999b7 (patch 1.0.7.0. and EFLC 1.1.2.0) by Rainer.exe