Clientless arena.exe

Clientless arena

3DProgrammer

The application Clientless arena.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. While running, it connects to the Internet address ns390469.ip-188-165-244.eu on port 15884.
Publisher: 3DProgrammer
Product: Clientless arena
Version: 2.2.0.0
MD5: 8499fb3d0c70f655edbd4cd735e22a17
SHA-1: 2ca54ba9cc5fcfd08ce19447c412635372f65e90
Scanner detections: 23 / 68
Status: Potentially unwanted
Analysis date: 5/17/2024 1:26:43 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Trojan.Heur.RP.yz0aa8BZ9Ap | 468 |
| Agnitum Outpost | Riskware.Themida | 7.1.1 |
| Avira AntiVirus | TR/Spy.Agent.1444352.1 | 8.3.1.6 |
| Arcabit | Trojan.Heur.RP.yz0aa8BZ9Ap | 1.0.0.425 |
| avast! | Win32:Malware-gen | 2014.9-151025 |
| AVG | Generic12_c | 2016.0.2946 |
| Baidu Antivirus | Hacktool.Win32.Packed.Themida | 4.0.3.151025 |
| Bitdefender | Gen:Trojan.Heur.RP.yz0aa8BZ9Ap | 1.0.20.1490 |
| Bkav FE | W32.HfsAutoB | 1.3.0.7062 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.RP.yz0aa8BZ9Ap | 8.15.10.25.05 |
| ESET NOD32 | Win32/Packed.Themida suspicious (variant) | 9.12051 |
| Fortinet FortiGate | PossibleThreat | 10/25/2015 |
| F-Secure | Gen:Trojan.Heur.RP.yz0aa8BZ9Ap | 11.2015-25-10_1 |
| G Data | Gen:Trojan.Heur.RP.yz0aa8BZ9Ap | 15.10.25 |
| IKARUS anti.virus | Trojan.Win32.Fibedol | t3scan.1.9.5.0 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.1224 |
| McAfee | Artemis!8499FB3D0C70 | 5600.6602 |
| MicroWorld eScan | Gen:Trojan.Heur.RP.yz0aa8BZ9Ap | 16.0.0.894 |
| NANO AntiVirus | Trojan.Win32.Agent.dsfbiy | 0.30.24.2996 |
| Panda Antivirus | Trj/Chgt.O | 15.10.25.05 |
| Qihoo 360 Security | HEUR/QVM19.1.Malware.Gen | 1.0.0.1015 |
| Trend Micro | TROJ_GEN.R047C0EE115 | 10.465.25 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42658 |

File size: 1.4 MB (1,444,352 bytes)
Product version: 2.2.0.0
Copyright: Copyright © 3DProgrammer
Original file name: Clientless arena.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral

File PE Metadata

Compilation timestamp: 4/12/2015 2:36:40 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
CTPH (ssdeep): 24576:ideCa/zX+XoEjscB/yXbZLVDMUtpabf1dsfMd100bMnW42dITa7V0nX:ueD/zXwoEAh9JRfugfC1EWKTaen
Entry address: 0x3A8000
Entry point: 56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 80, 15, 00, 2D, 00, 82, 0C, 10, 05, F7, 81, 0C, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, A8, CC, A6, 5F, 68, 67, 24, E5, 38, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 9D, C1, D9, 31, A6, 65, 86, AB, A7, 17, 45, 50, 89, 1E, F1, 70...
Entropy: 7.9357  (probably packed)
Code size: 64.5 KB (66,048 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to ns390469.ip-188-165-244.eu  (188.165.244.8:15884)
