» cenega_poland_oblivion_pl.exe
Overview
Analysis
File Details
Programs (1)
Downloads (21)

cenega_poland_oblivion_pl.exe

The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from www.download.cenega.pl and multiple other hosts.

File name:

Description:

Oblivion PL Setup

MD5:

b54374c8bbf1bfe07747894beb723fc4

SHA-1:

c7b947ff9e723482803ce2cfbba21a78a0477a96

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/19/2024 1:18:11 PM UTC (today)

File size:

203.9 MB (213,791,555 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

English (United States)

Common path:

C:\documents and settings\babik\moje dokumenty\cenega_poland_oblivion_pl.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6291456:QQOo3JdLdTyBBC83knGq87hJbgkV202JMzZhEBw:bLdTsCzD+JUkV202J6ZhEBw

Entry address:

0x97F0

Entry point:

55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, D6, 98, FF, FF, E8, DD, AA, FF, FF, E8, 00, CD, FF, FF, E8, 47, CD, FF, FF, E8, 3E, F3, FF, FF, E8, A5, F4, FF, FF, 33, C0, 55, 68, 9A, 9E, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 50, 9E, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 5A, FA, FF, FF, 8D, 55, F0, 33, C0, E8, C0, D1, FF, FF, 8B, 55, F0, B8, D4, BD, 40, 00, E8, 87, 99, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D4, BD, 40, 00, B2, 01, B8... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

36 KB (36,864 bytes)

The file cenega_poland_oblivion_pl.exe has been discovered within the following program.

Oblivion by Bethesda Softworks

The Elder Scrolls IV: Oblivion is an action role-playing video game developed by Bethesda Game Studios and published by Bethesda Softworks and the Take-Two Interactive subsidiary 2K Games.

www.bethsoft.com

9% remove it

The file cenega_poland_oblivion_pl.exe has been seen being distributed by the following 21 URLs.

http://www.download.cenega.pl/.../status.php?ID=1009&PHPSESSID=87428546d710787a79aed758e204ec74

http://www.download.cenega.pl/.../status.php?ID=1009&PHPSESSID=bdcuv7ou80be1d4ae1j6rl5kt1

http://www.download.cenega.pl/.../status.php?ID=1009&PHPSESSID=8tc3fp44r8mjjuqhsmh0b1q6a5

http://www.gry-online.pl/.../przekieruj_ftp.asp?TOKEN=d2lIWWpwc2lTbEk2bW9xMmdBN1R4NEc4ZGpVckhOekp0U2IyNHRJZGVxZWZZQkF6YXAveFEyMGp1bTVEOGpHcHp1N1IrN2JCZm04RmUxVi9rUGc4Z05XUm1xYWlWWExWdVdXcHgycExDOTBKUWJsZkJHYzVSN1kwMnVuNjZCRzlIbyttSE1XWFF3Z1RCNm1LY3R4UUhBPT0=

http://www.download.cenega.pl/.../status.php?ID=1009&PHPSESSID=lrqp92rlfdp8b4urio2bkoh2h6

http://www.download.cenega.pl/.../status.php?ID=1009&PHPSESSID=84357iqkor58shfcl2371cbdv0

http://s10014.chomikuj.pl/File.aspx?e=LzVSNmEWWMAf7vjCODlQ7ZsqSNTJ0nx4Sj09PUNM2uMYUOaTPFOg0n5k-xs6DISgGQAKIRwGmzvyQLRklGuyZP1gS-tiIEHBkCDy-WW1dUTCRi1O2zCcrHE3383Bp_y_52D3jCbXmsQ1FmFvri_y-iMCZlvOma7M4H2d7SMTsmQ&pv=2

http://www.download.cenega.pl/.../status.php?ID=1009&PHPSESSID=npt0tj8iavcp3fvi0v9k87oqu7

http://www.download.cenega.pl/.../status.php?ID=1009&PHPSESSID=gm4aaoet6lkndkf7afs8ktr0q1

http://www.download.cenega.pl/.../status.php?ID=1009&PHPSESSID=50viq9njlefo87k8co93febit6

http://www.download.cenega.pl/.../status.php?ID=1009&PHPSESSID=vall11blf86qlbaonarmsh66e2

http://www.download.cenega.pl/.../status.php?ID=1009&PHPSESSID=cmmu9pt8sp79vvtl83gvmggtn7

http://www.download.cenega.pl/.../status.php?ID=1009&PHPSESSID=4usicqopo7fgcq1gnpu36k6oc5

http://www.gry-online.pl/.../przekieruj_ftp.asp?TOKEN=SUYrN2xqUXFHbVg5KzhybjBrRUwxWEVpUUFldENwR1hFZzJyQXZxbzVOZ1Y1Z0tMbXFnMWdXY2REcTRHWDUwYWROSk5aTDM4VW1YbFd1dEVpQk55UGZLMG5QaENwUHZiL3V2UzB3N0xWOVBSMmNvcTI4Z05RVGRtZ2xwZzI1OGxpWTZ1UUVNRmhJb1JxT3pDOWxGL2NRPT0=

http://s8043.chomikuj.pl/File.aspx?e=LzVSNmEWWMAf7vjCODlQ7dVqJOKm8Qsk0hUMyDgI5Bgga-R1Xrn2L4qcCZNvdjNRlcftOLXx7WkuzsLJdAmNHuq43scxBzpPO07tVPt-U8ZYLDvNEr6MkOXO1qcI3rzORzSpJNGP3oa8tXyFhCs7tw&pv=2

http://s8043.chomikuj.pl/File.aspx?e=LzVSNmEWWMAf7vjCODlQ7ZsqSNTJ0nx4Sj09PUNM2uOSOVGhvM036QJ9UNv7Qc0bfeacYX9NT2SxezCgZIvFIMj-W142IhE0Ul5nIMNGrG4Nb9HzSLPbMdYsYy04ewOEIbJjPIsRWVfV19Y-DeLdYbmryoq58S5HITvUZby7vII&pv=2

http://www.gry-online.pl/.../przekieruj_ftp.asp?TOKEN=SUYrN2xqUXFHbVg5KzhybjBrRUwxWEVpUUFldENwR1hFZzJyQXZxbzVOZ1Y1Z0tMbXFnMWdXY2REcTRHWDUwYXl1Sloya05RK0hJN3RNZkZDZWc4K0crdTVhV1I2TW1iZGYvYTNNU2dBc2lld2tScGNkYlBreGxvNjlFSVArSUpJUFI3N21YTGFkZVptSmhRSDNhczNRPT0=

http://www.gry-online.pl/.../przekieruj_ftp.asp?TOKEN=SUYrN2xqUXFHbVg5KzhybjBrRUwxWEVpUUFldENwR1hFZzJyQXZxbzVOZ1Y1Z0tMbXFnMWdXY2REcTRHWDUwYStFUmt6MkMzbktLUFdRdzJ5QW5iRFZJZ1lUM0ZMY0lBaU1sMkw1d1NvWTQ1QXFXKzFKUEJob2JyVTNrcytPaHNsMUJZRVQ4SCt4WU8rd3RIYjM5dndnPT0=

http://s8043.chomikuj.pl/File.aspx?e=LzVSNmEWWMAf7vjCODlQ7Rr3u6GXbgPSazLuvjxlZEGzM059bu0rqTG2GJrouy1aEvghgdivo89qG643P645GCG_ZNhkNSH642gIIWId3FI5UmMc2UtfUUHFRfb4mKw2gu-hT-Ft59tyq-oSgDrvv-sOfZx7AnR6RIXfzk1zHT0&pv=2

http://www.gry-online.pl/.../przekieruj_ftp.asp?TOKEN=a3JoZVpYaXUxZW5aejhzMUplTE16ZDRsblNsNGdIMDBZbGo0NnB2a0hNQ3BNbVVXeHJ4N3drRjdKNU1iSS8rREJhMXg3SS90YjJQN3lwSitPcGg5ejZIemYwQ3NvU011OUpacEVoNGJFWVAzcmZVVm5xTk5Vb05yb1AvZFZvckY=

http://s8043.chomikuj.pl/File.aspx?e=LzVSNmEWWMAf7vjCODlQ7VvrgXZMyn8Bm85zfV-5RSa_d4xBg7WIeSA7KIRpZC1J0359CkogK-MMdtzDQhn_UUZOqOrMOTJZt7F8-yMXO0oaQ-On7G_Lz62qze3NG8gA5T5CeEgdvDnsl4mzQHcLHg&pv=2

Scan cenega_poland_oblivion_pl.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.