farmfrenzy3.exe

Alawar Entertainment Inc

The executable farmfrenzy3.exe has been detected as malware by 16 anti-virus scanners. While running, it connects to the Internet address ru2-2.srv.alawar.com on port 80 using the HTTP protocol.
Publisher:
Alawar Entertainment Inc  (signed and verified)

MD5:
92303707e93c5a36a20685ebdff6151c

SHA-1:
2f8cee487226ac7fc1f07a9d7812e5e940d751bb

SHA-256:
b2bd4ed10dfd4fc16ce6dbee90c38b9d0f202c38af341b4478c092c37daadd04

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
1/21/2018 9:45:43 PM UTC

Scan engine              Detection                           Engine version
Agnitum Outpost          Trojan.DR.Agent2                    7.1.1
AVG                      Dropper.Agent                       2015.0.3560
ByteHero BDV             Trojan.Win32.Heur.Gen               2.17.2014.10
eSafe                    Win32.TRDrop.Agent.C                7.0.17.0
IKARUS anti.virus        Trojan-Dropper.Agent                t3scan.2.0.3.0
McAfee                   Artemis!92303707E93C                5600.7216
McAfee Web Gateway       Artemis!92303707E93C                7.7216
Norman                   Suspicious_Gen2.HHPYH               11.20140217
nProtect                 Trojan-Dropper/W32.Agent.1064760    13.06.12.04
Panda Antivirus          Generic Trojan                      14.02.17.09
The Hacker               Trojan/Dropper.Agent.cvhy           6.8.0.2.48
Trend Micro House Call   TROJ_GEN.RC1CEET                    7.2.48
Trend Micro              TROJ_GEN.RC1CEET                    10.465.17
Vba32 AntiVirus          TrojanDropper.Agent                 3.12.22.2
VIPRE Antivirus          Trojan-Dropper.Win32.Agent          18640
ViRobot                  JS.A.Pakes.1064760                  2011.4.7.4223

File size:
1 MB (1,064,760 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\farm frenzy 3\farmfrenzy3.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/23/2008 2:00:00 AM

Valid to:
1/2/2012 1:59:59 AM

Subject:
CN=Alawar Entertainment Inc, OU=-, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Alawar Entertainment Inc, L=Alexandria, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
261442C16C7FA2318392D768A351391F

File PE Metadata
Compilation timestamp:
7/14/2009 11:50:51 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:niVP6OOn0h9vKnm3MRWdfS0H8ssb0Wx+7peQWKNSjo:yYiv1NNS0cssb0Wx+7pe3s9

Entry address:
0x1000

Entropy:
6.6067

Code size:
25 KB (25,600 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ru2-2.srv.alawar.com  (95.131.28.244:80)

TCP (HTTP):
Connects to ch4plpkivs-v03.any.prod.ord1.secureserver.net  (50.63.243.230:80)