call_of_duty_ghosts_2013.exe

INFORMATSIONNYE TEKHNOLOGII, OOO

The application call_of_duty_ghosts_2013.exe by INFORMATSIONNYE TEKHNOLOGII, OOO has been detected as adware by 26 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from forces.eurodeposits.ru.
Publisher:
INFORMATSIONNYE TEKHNOLOGII, OOO  (signed and verified)

MD5:
0758673c5a03ddec5b1e71ab32698081

SHA-1:
77d4c3d9ec55f9ca6a8887471b47166d7f36da0a

SHA-256:
ea712a8d8d1f46e022b27a4cf9ac869b35c3e646b7aa86a3a76af35b9d9faf5c

Scanner detections:
26 / 68

Status:
Adware

Analysis date:
4/25/2024 3:29:35 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.339124 | 1044 |
| AhnLab V3 Security | PUP/Win32.LoadMoney | 14.03.27 |
| Avira AntiVirus | TR/Kazy.queimneae | 7.11.139.92 |
| avast! | Win32:LoadMoney-DI [PUP] | 2014.9-140327 |
| AVG | Win32/Cryptor | 2015.0.3522 |
| Bitdefender | Gen:Variant.Kazy.339124 | 1.0.20.430 |
| Comodo Security | TrojWare.Win32.Monder.GEN | 18001 |
| Dr.Web | Trojan.LoadMoney.15 | 9.0.1.086 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.339124 | 8.14.03.27.02 |
| ESET NOD32 | Win32/LoadMoney.AA | 8.9603 |
| Fortinet FortiGate | W32/LdMon.E!tr | 3/27/2014 |
| F-Prot | W32/LoadMoney.M4.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Kazy.339124 | 11.2014-27-03_5 |
| G Data | Gen:Variant.Kazy.339124 | 14.3.24 |
| IKARUS anti.virus | Virus.Win32.Cryptor | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.176.11566 |
| Kaspersky | not-a-virus:HEUR:Downloader.Win32.LMN | 14.0.0.4107 |
| Malwarebytes | PUP.Optional.LoadMoney | v2014.03.27.02 |
| McAfee | PUP-FFD!0758673C5A03 | 5600.7178 |
| MicroWorld eScan | Gen:Variant.Kazy.339124 | 15.0.0.258 |
| Norman | Kryptik.CDIC | 11.20140327 |
| Panda Antivirus | Trj/Genetic.gen | 14.03.27.02 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Win32.Obfuscated.fqw!1075217832 | 23.00.65.14325 |
| Sophos | Troj/LdMon-E | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 27772 |

File size:
142.5 KB (145,880 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\call_of_duty_ghosts_2013.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/24/2014 8:00:00 AM

Valid to:
1/25/2015 7:59:59 AM

Subject:
CN="INFORMATSIONNYE TEKHNOLOGII, OOO", O="INFORMATSIONNYE TEKHNOLOGII, OOO", STREET="4-6 str. 3, per. Nikoloyamski", L=Moscow, S=Moscow region, PostalCode=109004, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4D9D81FB1247142AE81FF73D60F97FD3

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:lebWSTe/JU4mdL4wrWeB0wBEoNyP4H+bxZibSHxgFV5WMUjOpS:leVpL4wrWy0wBE044sxwWWsOpS

Entry address:
0x1000

Entry point:
B8, 06, 00, 00, 00, E9, 02, 97, 01, 00, 40, 00, FF, 25, 24, F0, 41, 00, B8, 08, 10, 40, 00, C3, 55, 8B, EC, 81, C4, CC, FC, FF, FF, B8, 06, 00, 00, 00, 89, 35, 47, F0, 41, 00, 89, 0D, 02, F1, 41, 00, BE, BC, 00, 00, 00, B8, D4, 15, 40, 00, 89, 45, FC, B8, E8, 15, 40, 00, 89, 45, F8, A1, 20, 08, 42, 00, 89, 45, F0, 8B, 45, F0, 50, 8B, 45, F4, 50, 8B, 45, F8, 50, 8B, 45, FC, 50, E8, 8C, 06, 00, 00, C7, 05, 3F, F0, 41, 00, 68, 58, 01, 00, 89, 35, 21, F0, 41, 00, 89, 05, D3, F0, 41, 00, 66, C7, 05, 45, F0, 41...
Code size:
102.5 KB (104,960 bytes)

The file call_of_duty_ghosts_2013.exe has been seen being distributed by the following URL.
