» chaosrage_en_us.exe
Overview
Analysis
File Details
Downloads (2)

chaosrage_en_us.exe

337 Technology Limited

The application chaosrage_en_us.exe by 337 Technology Limited has been detected as adware by 2 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl.game.soft365.com and multiple other hosts.

File name:

chaosrage_en_us.exe

Publisher:

337 Technology Limited (signed and verified)

MD5:

1c7cace100ca26a1e5dfe361a689c8f4

SHA-1:

86882b28ec01aa7f89e6d4c4de8554baed701b7c

SHA-256:

67f7414f256b9bd98944e8499ec6d02ea226b8d5ab55988ed8363ad1df9b0435

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

5/3/2024 7:18:45 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.Elex

4.0.3.14819

Reason Heuristics

PUP.337TechnologyLimited.P

14.8.19.11

File size:

591.9 KB (606,088 bytes)

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\chaosrage_en_us.exe

Digital Signature

Signed by:

337 Technology Limited

Authority:

GlobalSign nv-sa

Valid from:

6/25/2012 5:04:18 AM

Valid to:

6/26/2015 5:04:18 AM

Subject:

CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata

Compilation timestamp:

11/19/2010 8:00:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:H430KrWkNxXCb7xMyY3xb6Uau3t21lR1dSgJDL71eqsQjCgbb6YvBESbXC/N:H4khkNxyXxMyYrT3t2LR1dSANOeSaZSl

Entry address:

0x1238F

Entry point:

55, 8B, EC, 6A, FF, 68, B8, 50, 41, 00, 68, 20, 25, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 80, 31, 41, 00, 59, 83, 0D, 64, 99, 41, 00, FF, 83, 0D, 68, 99, 41, 00, FF, FF, 15, 84, 31, 41, 00, 8B, 0D, 40, 79, 41, 00, 89, 08, FF, 15, 88, 31, 41, 00, 8B, 0D, 3C, 79, 41, 00, 89, 08, A1, 8C, 31, 41, 00, 8B, 00, A3, 60, 99, 41, 00, E8, 1D, 01, 00, 00, 39, 1D, 30, 77, 41, 00, 75, 0C, 68, 18, 25, 41, 00, FF, 15, 90, 31... 
[+]

Entropy:

7.9001

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

70.5 KB (72,192 bytes)

The file chaosrage_en_us.exe has been seen being distributed by the following 2 URLs.

http://dl.game.soft365.com/dl/chaosrage/.../

http://apps.soft365.com/images/Chaos_Rage/.../chaosrage_en_us.exe

Remove chaosrage_en_us.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.