315load32.exe

Tomb Raider: Anniversary

Eidos Inc.

The executable 315load32.exe has been detected as malware by 3 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from download1305.mediafire.com.
Publisher: Eidos Inc.
Product: Tomb Raider: Anniversary
Version: 1.0.9
MD5: 1dbc1a1465dd5731581bc76a882e62a5
SHA-1: 767ebac70e6befa97c69aaf469bd90f3ee6ebdc3
SHA-256: f7266ee4ebf4f60dfd87297dccec470b3c78e4259c163b882bec646292e70950
Scanner detections: 3 / 68
Status: Malware
Analysis date: 4/25/2024 3:38:44 AM UTC

Scan engine          Detection                      Engine version
Dr.Web               Trojan.Hottrend.1              9.0.1.060
ESET NOD32           MSIL/Injector.CVM (variant)    8.9476
Qihoo 360 Security   Malware.QVM03.Gen              1.0.0.1015

File size: 762.5 KB (780,800 bytes)
Product version: 1.0.9
Copyright: Copyright (C) 2007 Eidos Inc.
Trademarks: Crystal Dynamics(R), the Crystal Dynamics(R) logo and the Eidos(R) logo are registered trademarks of the Eidos Group of Companies
Original file name: IsraelStory.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral

File PE Metadata

Compilation timestamp: 2/24/2014 8:00:02 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
.NET CLR dependent: Yes
CTPH (ssdeep): 12288:cLpCs/iJJFlNKobh5ISCIuTPCuVmd+avSQCaQnleCk5ljMPmQ13WKN5VF:EpT6JBHbh5ISCIuTPCuVRdnlef5Ls3nz
Entry address: 0x2E20E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 177 KB (181,248 bytes)

The file 315load32.exe has been seen being distributed by the following URL.
