csgo.exe

The executable csgo.exe has been flagged as malware by 5 of 68 anti-virus scanners, all of them with generic or heuristic detection names (see the scanner table below), so the verdict rests on low-confidence signals rather than a named family. The file has been seen being downloaded from www.fayloobmennik.net.
MD5:
7998d84b65237febd91805d6d4a88108

SHA-1:
1d0fef44e59b891dc3bbe5dd902d8b068d25922b

SHA-256:
4b8777b266215b4d10bb8d456ccc357984d19b3280ccf80730b24bcbc6acc9a1

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/25/2024 2:39:51 PM UTC

Scan engine         Detection                                    Engine version
Bkav FE             W32.HfsAutoB                                 1.3.0.4923
Comodo Security     UnclassifiedMalware                          17671
Norman              Suspicious_Gen2.VPMZD                        11.20140128
Reason Heuristics   Unnamed.Threat.23                            14.3.6.9
Rising Antivirus    PE:Trojan.Win32.Generic.145175B1!340882865   23.00.65.14126

File size:
73 KB (74,752 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\counter-strike global offensive\csgo.exe

File PE Metadata
Compilation timestamp:
1/19/2013 7:46:57 AM

OS version:
5.1 (minimum OS declared in the PE optional header; 5.1 is Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0 (the Visual C++ 2010 linker)

CTPH (ssdeep):
768:JnMHfqAvgVbAxIzsffgLlJhoqMj43jrIhH1m0pPDxfEDGXnnR06PtQvKuzkE5nw4:JMHNoVAMsyqT4zrgVvPbBCSuzkqw4

Entry address:
0x17D1 (AddressOfEntryPoint, a relative virtual address; the image base is not listed in this report)

Entry point (first bytes at the entry RVA; the leading E8 xx xx xx xx / E9 xx xx xx xx pair is the usual MSVC CRT entry stub, a call to __security_init_cookie followed by a jmp to the CRT startup routine):
E8, 8B, 31, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, 35, 08, DF, 40, 00, EB, 24, 57, 50, FF, 75, 08, E8, 29, 33, 00, 00, 83, C4, 0C, 85, C0, 75, 10, 8B, 06, 0F, B7, 04, 78, 83, F8, 3D, 74, 1E, 66, 85, C0, 74, 19, 83, C6, 04, 8B, 06, 85, C0, 75, D6, 8B, C6, 2B, 05, 08, DF, 40, 00, C1, F8, 02, F7, D8, 5E, 5D, C3, 8B, C6, 2B, 05, 08, DF, 40, 00, C1, F8, 02, EB, F0, 8B, FF, 55, 8B, EC, 51, 57, 8B, F8, 33, C0, 8B, CF, 85, FF, 74, 4C, 39, 07, 74, 09, 83, C1, 04, 40, 83, 39, 00, 75, F7, 56, 40, 6A...

Entropy:
6.3822

Code size:
34 KB (34,816 bytes)
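The file-level indicators above (hashes, size, entropy, compile timestamp, linker and OS version, subsystem, entry RVA and the bytes at the entry point) can all be recomputed from a PE file with nothing beyond the Python standard library. The script below is an added example, not code from the scan report or its vendor; the CTPH/ssdeep value is omitted because it needs a third-party module, and the PE it parses by default is a synthetic header plus padding built in-line (with the report's timestamp, linker, OS, subsystem and entry values copied into the header fields) so the script runs offline. Pass a real file path as the first argument to analyse that file instead.

```python
"""Added example (not from the original report): recompute the report's PE
metadata and hashes with the standard library only. The default input is a
constructed minimal PE32, not the reported sample."""
import hashlib
import math
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
# SHA-256 listed in the report; used only for the equality check below.
REPORT_SHA256 = "4b8777b266215b4d10bb8d456ccc357984d19b3280ccf80730b24bcbc6acc9a1"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); packed or encrypted files sit near 7-8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def rva_to_offset(rva: int, sections) -> int:
    """Map an RVA to a file offset via the section table entries (va, vsize, raw_ptr, raw_size)."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError("RVA %#x is not backed by any section" % rva)


def parse_pe(data: bytes) -> dict:
    """Parse the DOS header, COFF header, PE32/PE32+ optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # COFF header is 20 bytes
    magic, lmaj, lmin, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sec_tbl = opt + opt_size
    sections = []
    for i in range(nsect):                            # 40-byte section headers; sizes start at +8
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sec_tbl + 40 * i + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    ep = rva_to_offset(entry_rva, sections)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "compiled": datetime.fromtimestamp(timestamp, timezone.utc),
        "linker": f"{lmaj}.{lmin}",
        "os_version": f"{os_maj}.{os_min}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": data[ep:ep + 16],
        "code_size": size_of_code,
        "entropy": round(shannon_entropy(data), 4),
    }


def matches_report(info: dict) -> bool:
    """True only when the parsed file is the exact sample the report describes."""
    return info["sha256"] == REPORT_SHA256


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 for the demo; header fields mirror the report's metadata."""
    stub = bytes.fromhex("E88B310000E989FEFFFF8BFF558BEC56")   # first 16 entry-point bytes from the report
    code = bytearray(b"\xCC" * 0x1000)
    code[0x7D1:0x7D1 + len(stub)] = stub                     # so entry RVA 0x17D1 lands on the stub
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 1358581617, 0, 0, 0xE0, 0x102)  # 2013-01-19 07:46:57 UTC
    opt = bytearray(0xE0)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 10, 0, len(code))   # PE32 magic, linker 10.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x17D1)                      # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, section/file alignment
    struct.pack_into("<HH", opt, 40, 5, 1)                       # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)                           # Windows GUI subsystem
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(code), 0x1000, len(code), 0x200, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + opt + sect).ljust(0x200, b"\0") + bytes(code)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in parse_pe(blob).items():
        print(f"{k:>12}: {v.hex() if isinstance(v, bytes) else v}")
```

The RVA-to-offset step matters more than it looks: the entry address in the report is an RVA, so reading the "entry point" bytes requires walking the section table rather than seeking to 0x17D1 in the file. On the constructed input the script reproduces the report's timestamp, linker, OS version, subsystem, entry RVA and leading entry bytes; hashes and entropy naturally differ, and `matches_report` returns False, which is the intended behaviour for anything but the reported sample.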

The file csgo.exe has been seen being distributed from www.fayloobmennik.net (the download source noted at the top of this report).

The executing file has been seen to make the following network communications in live environments. Both destinations are shared infrastructure (a Turk Telekom web server and an Akamai CDN edge node), so on their own they are weak indicators with a high false-positive rate; treat them as context to be correlated with the file hash or the originating process rather than as addresses to block outright.

TCP (HTTP):
Connects to www.turktelekom.com.tr  (195.175.118.89:80)

TCP (HTTP):
Connects to a23-220-203-50.deploy.static.akamaitechnologies.com  (23.220.203.50:80)
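Because the two destinations above are shared CDN and ISP addresses, a detection keyed on them alone would fire on ordinary traffic. The script below is an added example, not code from the report or its vendor: it joins process-creation events to network-connection events by process identifier and raises the report's destinations as high severity only when the connecting process carries the reported SHA-256, downgrading everything else to context. The field names (EventID, ProcessGuid, Image, Hashes, DestinationIp, DestinationPort) are Sysmon's; the one-JSON-object-per-line layout is an assumption about the forwarder, and the event lines themselves are constructed for the demo, not real telemetry.

```python
"""Added example (not from the original report): correlate constructed
Sysmon-style events (ID 1 = process create, ID 3 = network connect) so the
report's destinations only alert when tied to the reported file hash."""
import json

REPORT_SHA256 = "4b8777b266215b4d10bb8d456ccc357984d19b3280ccf80730b24bcbc6acc9a1"
# (ip, port) pairs listed in the report's network section
REPORT_DESTS = {("195.175.118.89", 80), ("23.220.203.50", 80)}

# Constructed sample telemetry (JSON lines). The svchost.exe hash is a placeholder.
SAMPLE_EVENTS = r"""
{"EventID":1,"ProcessGuid":"{A1}","Image":"C:\\Program Files\\counter-strike global offensive\\csgo.exe","Hashes":"MD5=7998D84B65237FEBD91805D6D4A88108,SHA256=4B8777B266215B4D10BB8D456CCC357984D19B3280CCF80730B24BCBC6ACC9A1"}
{"EventID":1,"ProcessGuid":"{B2}","Image":"C:\\Windows\\System32\\svchost.exe","Hashes":"SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
{"EventID":3,"ProcessGuid":"{A1}","DestinationIp":"195.175.118.89","DestinationPort":80,"Protocol":"tcp"}
{"EventID":3,"ProcessGuid":"{B2}","DestinationIp":"23.220.203.50","DestinationPort":80,"Protocol":"tcp"}
{"EventID":3,"ProcessGuid":"{A1}","DestinationIp":"23.220.203.50","DestinationPort":80,"Protocol":"tcp"}
{"EventID":3,"ProcessGuid":"{C3}","DestinationIp":"195.175.118.89","DestinationPort":80,"Protocol":"tcp"}
"""


def parse_hashes(field: str) -> dict:
    """Sysmon's Hashes field is 'ALG=hex,ALG=hex'; normalise to {ALG: lowercase hex}."""
    out = {}
    for part in field.split(","):
        alg, _, val = part.partition("=")
        if alg:
            out[alg.strip().upper()] = val.strip().lower()
    return out


def correlate(lines) -> list:
    """Join each event 3 to the event 1 that created the same ProcessGuid and score it."""
    procs = {}   # ProcessGuid -> (image path, sha256 or None)
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev["EventID"] == 1:
            procs[ev["ProcessGuid"]] = (ev["Image"], parse_hashes(ev.get("Hashes", "")).get("SHA256"))
        elif ev["EventID"] == 3:
            dest = (ev["DestinationIp"], int(ev["DestinationPort"]))
            if dest not in REPORT_DESTS:
                continue
            # A connect event whose creator was never seen (log gap, sensor restart) is kept but unattributed.
            image, sha = procs.get(ev["ProcessGuid"], ("<unknown>", None))
            hash_hit = sha == REPORT_SHA256
            hits.append({
                "guid": ev["ProcessGuid"],
                "image": image,
                "dest": dest,
                "hash_match": hash_hit,
                # listed destination + reported hash is actionable; the destination alone is only context
                "severity": "high" if hash_hit else "low",
            })
    return hits


if __name__ == "__main__":
    for h in correlate(SAMPLE_EVENTS.splitlines()):
        print(h["severity"].upper(), h["image"], "->", "%s:%d" % h["dest"], "hash_match=%s" % h["hash_match"])
```

On the constructed input the two csgo.exe connections score high, the svchost.exe connection to the Akamai address scores low, and the connection from a process with no recorded creation event stays low but is still emitted so the gap is visible. Hash comparison is done case-insensitively because Sysmon emits uppercase hex while the report lists lowercase.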

Remove csgo.exe - Powered by Reason Core Security