warface.varbaksy.exe

The executable warface.varbaksy.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from 9i7ffdgvffibow7.vrnserver.ru.
Version:
1.0.0.0

MD5:
5923b744754b91a96cc773a9c203ff64

SHA-1:
5c11f4c070acaf4333e982a4699577601ad8b83f

SHA-256:
92546db8f4496de5c0b82ae68317e9d2e85e79215c8ae29e330d7a48953ccf98

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 10:30:46 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.7.3.14

File size:
8 MB (8,383,661 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\warface.varbaksy.exe

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:3rLNlldNcDjIuT0COMN30q9Ila1sl9x8BLn/VmuzRD:bLNlldNcDjIuT0COM+la1sPmtRND

Entry address:
0x4F5C88

Entry point:
55, 8B, EC, 83, C4, E8, 53, B8, F0, 46, 8F, 00, E8, 63, 20, B1, FF, 33, C0, 55, 68, 42, 5E, 8F, 00, 64, FF, 30, 64, 89, 20, E8, 3C, 7D, C2, FF, 85, C0, 74, 21, E8, 33, 7D, C2, FF, 8B, 04, 85, 18, 3B, 91, 00, 89, 45, E8, 33, C0, 89, 45, EC, DF, 6D, E8, E8, E4, D1, B0, FF, E8, 8B, F4, B0, FF, B8, 20, FA, 93, 00, E8, 3D, F5, B0, FF, A1, 20, FA, 93, 00, E8, 03, F8, B0, FF, 8B, D8, E8, FC, 7C, C2, FF, 3B, D8, 0F, 85, E8, 00, 00, 00, C7, 05, 1C, FA, 93, 00, 20, 00, 00, 00, A1, 1C, FA, 93, 00, E8, B0, 3A, B1, FF...
Developed / compiled with:
Microsoft Visual C++

Code size:
5 MB (5,197,824 bytes)

The file warface.varbaksy.exe has been seen being distributed by the following URL.
