» 1_warfaceloader.exe
Overview
Analysis
File Details
Programs (1)
Downloads (1)

1_warfaceloader.exe

Игровой центр@Mail.Ru, версия 2.0.210

LLC Mail.Ru

The application 1_warfaceloader.exe by LLC Mail.Ru has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. This file is typically installed with the program Warface by Mail.Ru. The file has been seen being downloaded from wf.3dn.ru.

File name:

1_warfaceloader.exe

Publisher:

LLC Mail.Ru (signed and verified)

Product:

Игровой центр@Mail.Ru, версия 2.0.210

Version:

2.0.0.210

MD5:

f3570c950e26f1b52f4b6a03751bc8bd

SHA-1:

de80c5ef4b6bef6067a11e36af42bcdcb4740571

SHA-256:

1418ed6e0c00bdf2c1b4739a64eaca5bc4548a7f7c411d3583af2d3eddd155d1

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 3:48:45 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.Agent

7.1.1

Comodo Security

UnclassifiedMalware

17738

Reason Heuristics

PUP.Optional.MailRu.P

14.3.28.18

File size:

4.4 MB (4,637,280 bytes)

Product version:

2.0.0.210

Original file name:

GameCenter@Mail.Ru.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\1_warfaceloader.exe

Digital Signature

Signed by:

LLC Mail.Ru

Authority:

Thawte, Inc.

Valid from:

12/9/2011 4:00:00 AM

Valid to:

2/7/2014 3:59:59 AM

Subject:

CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata

Compilation timestamp:

4/13/2012 5:35:24 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:TLRq8VCO5sxP0tUGOOFqz6w4n7sr9PL5hqJbYyQnFalObmTlh4jJEYKxagy:TLRqGBLOOUL87mPV5FalOygI6

Entry address:

0x9B1F80

Entry point:

60, BE, 00, 20, 96, 00, 8D, BE, 00, F0, A9, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 75, FB, 9A, 00, 57, 83, C3, 04, 53, 68, 71, FF, 44, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Code size:

4.3 MB (4,526,080 bytes)

The file 1_warfaceloader.exe has been discovered within the following programs.

Warface by Mail.Ru

Warface is an online browser based free-to-play first-person shooter. The game is exclusive to the PC and is powered by CryEngine 3. This game is currently in an open beta stage on Mail.Ru's game client in Russia.

wf.mail.ru/register?site_id=1_880_69112_0

About 2% of users remove it

The file 1_warfaceloader.exe has been seen being distributed by the following URL.

http://wf.3dn.ru/_ld/.../1_WarfaceLoader.exe

Remove 1_warfaceloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.