home

CheckXPAdminAction.exe

F1 2010

Codemasters Software Company Limited

The executable CheckXPAdminAction.exe, “F1 2010 Custom Action Executable” has been detected as malware by 9 anti-virus scanners.
Publisher:
Codemasters  (signed by Codemasters Software Company Limited)

Product:
F1 2010

Description:
F1 2010 Custom Action Executable

Version:
1, 0, 0, 0

MD5:
551e37aa311916543a994a567d655c86

SHA-1:
28a130fae25fbbf6890a82d2928af6fb9c449f86

SHA-256:
a31c05f76a82286bd30d2c70a18220ff10f9a5a2a57c5f86a1c66411e5b2bad9

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
4/23/2024 2:46:37 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Mabezat [Wrm]
160518-2

AVG
Win32/Mabezat
2015.0.4591

Emsisoft Anti-Malware
Win32.Worm.Mabezat.Gen
16.07.12

ESET NOD32
Win32/Mabezat.A virus
8.0.319.0

F-Prot
W32/Mabezat.A-2
4.6.5.141

F-Secure
Win32.Worm.Mabezat.Gen
5.15.96

Kaspersky
Worm.Win32.Mabezat
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.225.1244.0

Norman
Win32.Worm.Mabezat.Gen
19.05.2016 01:04:49

File size:
228.2 KB (233,711 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright (C) 2007

Original file name:
CheckXPAdminAction.exe

File type:
Executable application (Win32 EXE)

Language:
English (Wielka Brytania)

Digital Signature
Signed by:
Codemasters Software Company Limited

Authority:
VeriSign, Inc.

Valid from:
8/11/2010 2:00:00 AM

Valid to:
8/11/2012 1:59:59 AM

Subject:
CN=Codemasters Software Company Limited, OU=Testing, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Codemasters Software Company Limited, L=Southam, S=Warwickshire, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
51DF39D1E72433A404DA544965155E8F

File PE Metadata
Compilation timestamp:
7/29/2010 11:58:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
3072:Ij8KpbVgcNtCwZpPXW9DMaeOU3CjtHUqC5HEx4cEck+RvosU9273mzQDq:IjBpbVaaXWwT3QHNC55cZvU9yWzOq

Entry address:
0x22AF

Entry point:
BB, C3, 9F, D1, 08, 93, E9, 20, 01, 00, 00, CB, 71, D4, D0, 7C, 00, D4, D0, D4, 69, 55, 54, 54, D4, 54, 54, 31, 54, 54, 54, B3, 85, 8A, 85, 84, 85, 8D, 8B, 8A, 54, 54, 54, C8, B5, CE, B9, B6, B5, C1, B5, 82, B8, C0, C0, 54, 54, 54, 54, B0, 54, 54, 54, 9A, C6, B9, B9, A0, BD, B6, C6, B5, C6, CD, 54, 97, C6, B9, B5, C8, B9, 98, BD, C6, B9, B7, C8, C3, C6, CD, 95, 54, 54, 54, 54, 9B, B9, C8, AB, BD, C2, B8, C3, CB, C7, 98, BD, C6, B9, B7, C8, C3, C6, CD, 95, 54, 54, 54, 54, 9B, B9, C8, A1, C3, B8, C9, C0, B9...
 
[+]

Code size:
36 KB (36,864 bytes)

Remove CheckXPAdminAction.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.