» A-Trainer.exe
Overview
Analysis
File Details
Programs (1)
Network (4)

A-Trainer.exe

Advance Trainer

HackMew Productions

The executable A-Trainer.exe has been detected as malware by 6 anti-virus scanners. This file is typically installed with the program Pokemon Game Editor by 0xRH. While running, it connects to the Internet address no.rdns.ukservers.com on port 80 using the HTTP protocol.

File name:

A-Trainer.exe

Publisher:

HackMew Productions

Product:

Advance Trainer

Version:

0.09.0001

MD5:

e5b2be5ad7d9bdd310a3bf1c9881ad9b

SHA-1:

b3404f5979ea6e8c17617aa8ea3ce9e7cd8a5db3

SHA-256:

a19ff74af3d15f4406d17ea4af8b43a670701785cdfacb59297e9776dd328d56

Scanner detections:

6 / 68

Status:

Malware

Analysis date:

5/2/2024 7:20:10 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Dropper-gen [Drp]

2014.9-140817

Bkav FE

W32.Clod1d4.Trojan

1.3.0.4959

Fortinet FortiGate

W32/Vb.BL!tr

8/17/2014

McAfee

Generic.tra!g

5600.7035

Sophos

Mal/VB-BL

4.98

VIPRE Antivirus

Trojan.Win32.Generic

32236

File size:

126 KB (129,024 bytes)

Product version:

0.09.0001

Original file name:

A-Trainer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

File PE Metadata

Compilation timestamp:

7/18/2009 5:10:33 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:2YrUlST3TTsGTCtlBYt9f0uP5f4tIn5g8nfout4Sr:2YrUlST3Lml2tp0ntIn+CfoS4S

Entry address:

0x731E0

Entry point:

60, BE, 00, 90, 45, 00, 8D, BE, 00, 80, FA, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, DF, 19, 07, 00, 57, 83, C3, 04, 53, 68, DA, A1, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Entropy:

7.8330 (probably packed)

Code size:

108 KB (110,592 bytes)

The file A-Trainer.exe has been discovered within the following program.

Pokemon Game Editor by 0xRH

A ROM hacker for the Pokemon video game.

www.0xRH.com

About 5% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to 2a.6a.acb8.ip4.static.sl-reverse.com (184.172.106.42:80)

TCP (HTTP):

Connects to no.rdns.ukservers.com (94.229.72.116:80)

Remove A-Trainer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.