cm-ra2tr.exe

Trainer

CyberMan's Production

The executable cm-ra2tr.exe, described as “This is the game trainer”, has been detected as malware by 9 anti-virus scanners. The file has been seen being downloaded from download1010.mediafire.com and multiple other hosts.
Publisher:
CyberMan's Production

Product:
Trainer

Description:
This is the game trainer

Version:
4, 2, 0, 0

MD5:
cdd249b0d8a78dc1b041a2ed44aa7c62

SHA-1:
8150960730b54bc9749e5467a2eba8ac80b56da0

SHA-256:
191fb59f9de3bcde3ffcd183ab0dc4e5ccce07f440181fe07aed00c644ff59af

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
4/20/2024 5:29:41 AM UTC

Scan engine               Detection                                     Engine version
F-Prot                    W32/Nilage.gen!GSA                            v6.4.7.1.166
NANO AntiVirus            Trojan.Win32.Kazy.cpqgog                      0.28.0.60100
Norman                    Suspicious_Gen5.AVSJ                          11.20140610
Quick Heal                (Suspicious) - DNAScan                        6.14.14.00
Rising Antivirus          PE:Trojan.Win32.Generic.126B76EF!309032687    23.00.65.14608
Trend Micro House Call    CRCK_PATCHER                                  7.2.161
Trend Micro               CRCK_PATCHER                                  10.465.10
VIPRE Antivirus           Trojan.Win32.Generic                          30090
XVirus List               Win32.Detected                                2.6.10

File size:
13 KB (13,312 bytes)

Product version:
1, 0, 0, 0

Copyright:
PMHE Copyright © 1999-2001 By CyberMan

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
9/26/2001 4:10:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:jSW8dS90f3khaoU3dA26zaTRi1c63osK/Q:OxdxMhtkdA2DRi11ob/

Entry address:
0x1E380

Entry point:
60, BE, 00, C0, 41, 00, 8D, BE, 00, 50, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 

Entropy:
6.9240

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
12 KB (12,288 bytes)

The file cm-ra2tr.exe has been seen being distributed by the following 21 URLs.

http://download1010.mediafire.com/bfwsti6hy5sg/.../cm-ra2tr.exe

http://download1010.mediafire.com/2dl698pbi8yg/.../cm-ra2tr.exe

http://download1583.mediafire.com/1jl4r83gyj0g/.../cm-ra2tr.exe

http://download1010.mediafire.com/925r1czxltsg/.../cm-ra2tr.exe

about:internet
