» classicgames4.exe
Overview
Analysis
File Details
Downloads (1)

classicgames4.exe

Mpagosx, S.L.

The application classicgames4.exe by Mpagosx, S.L has been detected as adware by 14 anti-malware scanners. The file has been seen being downloaded from www.100classicgames.com.

File name:

classicgames4.exe

Publisher:

Mpagosx, S.L. (signed and verified)

MD5:

1cc3bdf9a3c86398e3a3923de1101cd4

SHA-1:

116df97fefc79a02d41f30b22fbc58fc8d34a27b

SHA-256:

f4131a8e1c39619281331f277c0d79eaf1d58949885c3ad1cd7b8dac2f79b36c

Scanner detections:

14 / 68

Status:

Adware

Analysis date:

4/20/2024 2:12:34 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Strictor.61685

777

AegisLab AV Signature

AdWare.MSIL.DomaIQ

2.1.4+

AhnLab V3 Security

PUP/Win32.Yaimo

2014.10.27

avast!

Win32:Yaimo-B [Adw]

2014.9-141219

AVG

Mpagosx

2015.0.3255

Bitdefender

Gen:Variant.Strictor.61685

1.0.20.1765

Emsisoft Anti-Malware

Gen:Variant.Strictor.61685

8.14.12.19.01

F-Secure

Gen:Variant.Strictor.61685

11.2014-19-12_6

G Data

Gen:Variant.Strictor.61685

14.12.24

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.7.8.0

McAfee

Artemis!1CC3BDF9A3C8

5600.6911

MicroWorld eScan

Gen:Variant.Strictor.61685

15.0.0.1059

Reason Heuristics

PUP.MpagosxSL.N

14.12.19.13

VIPRE Antivirus

Trojan.Win32.Generic

34260

File size:

209.3 KB (214,344 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\classicgames4.exe

Digital Signature

Signed by:

Mpagosx, S.L.

Authority:

DigiCert Inc

Valid from:

10/1/2013 4:00:00 AM

Valid to:

10/6/2014 4:00:00 PM

Subject:

CN="Mpagosx, S.L.", O="Mpagosx, S.L.", L=Cornella de Llobregat, S=Barcelona, C=ES

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

03CACC59110CD7A6D5B2E5BEDBE8D8C7

File PE Metadata

Compilation timestamp:

10/23/2013 3:24:54 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:1pY5Ww4MvDok2Ns52HM8/w16JNqsuPoYNppQraNRbJna2cd5HIDsWjcdzTId+IvC:1pY5W9ZkuvM6JODRaZ5HIs3Id+qAgpm

Entry address:

0x8400

Entry point:

E8, E4, 5F, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 15, 0C, E1, 41, 00, 6A, 01, A3, BC, A1, 42, 00, E8, 0C, 61, 00, 00, FF, 75, 08, E8, 08, 49, 00, 00, 83, 3D, BC, A1, 42, 00, 00, 59, 59, 75, 08, 6A, 01, E8, F2, 60, 00, 00, 59, 68, 09, 04, 00, C0, E8, D6, 48, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, EB, EC, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, A0, 9F, 42, 00, 89, 0D, 9C, 9F, 42, 00, 89, 15, 98, 9F, 42, 00, 89, 1D, 94, 9F, 42, 00, 89, 35, 90, 9F, 42, 00, 89, 3D, 8C... 
[+]

Entropy:

5.8540

Code size:

113 KB (115,712 bytes)

The file classicgames4.exe has been seen being distributed by the following URL.

http://www.100classicgames.com/dwn/.../classicgames4.exe

Remove classicgames4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.