ffxivupdater.exe

FINAL FANTASY XIV: A Realm Reborn

SQUARE ENIX CO., LTD.

The executable ffxivupdater.exe has been detected as malware by 15 anti-virus scanners.
Publisher:
SQUARE ENIX CO., LTD.  (signed and verified)

Product:
FINAL FANTASY XIV: A Realm Reborn

Version:
1, 0, 0, 0

MD5:
028dc4457d0f74d35b23fb15e0966e99

SHA-1:
da5c4713ea9527d36b4baf9a54d2751f131844c4

SHA-256:
225a4409ee5adf3388bfe80163b3fbe6f4c27c8ff508ddeed4517da246ee68ab

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
4/26/2024 10:43:07 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Worm.Mabezat.Gen | 5813571 |
| avast! | Agent-AVCE [Trj] | 151224-5 |
| AVG | Win32/Mabezat | 2015.0.4489 |
| Clam AntiVirus | W32.Mabezat | 0.98/21222 |
| Dr.Web | Win32.HLLW.Tazebama | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Worm.Mabezat.Gen | 10.0.0.5366 |
| ESET NOD32 | Win32/Mabezat.A virus | 7.0.302.0 |
| F-Prot | W32/Mabezat.A-2 | 4.6.5.141 |
| F-Secure | Win32.Worm.Mabezat.Gen | 5.05.7110 |
| Kaspersky | Worm.Win32.Mabezat | 15.0.0.562 |
| McAfee | Virus.W32/Mabezat.a | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.1637.0 |
| Norman | Win32.Worm.Mabezat.Gen | 17.12.2015 06:34:11 |
| Sophos | Virus 'W32/Mabezat-B' | 5.22 |
| VIPRE Antivirus | Threat.303962 | 46244 |

File size:
1 MB (1,050,287 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright (C) SQUARE ENIX CO., LTD.

Original file name:
ffxivupdater.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My games\final fantasy xiv - a realm reborn\downloads\ffxivupdater.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/5/2013 1:00:00 AM

Valid to:
11/7/2014 12:59:59 AM

Subject:
CN="SQUARE ENIX CO., LTD.", OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=SQEX, O="SQUARE ENIX CO., LTD.", L=Shinjuku-ku, S=Tokyo, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
017F03997C483FB13D0943F12C629D79

File PE Metadata
Compilation timestamp:
6/24/2014 12:35:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:cw75q3MF19MbazNYgpjqhWnaFc+T3zTsTckKJqbzouNwq3T:F5cgKKpjqQIc+TjTsTcbJq4uWG

Entry address:
0x70677

Entry point:
BB, 35, F9, A8, BC, 93, E9, 20, 01, 00, 00, F8, 9E, 01, FD, A9, 2D, 01, FD, C1, 0C, 8E, 81, 81, 01, 81, 81, 17, 81, 81, 81, E0, B2, B7, B2, B1, B2, BA, B8, B7, 81, 81, 81, F5, E2, FB, E6, E3, E2, EE, E2, AF, E5, ED, ED, 81, 81, 81, 81, DD, 81, 81, 81, C7, F3, E6, E6, CD, EA, E3, F3, E2, F3, FA, 81, C4, F3, E6, E2, F5, E6, C5, EA, F3, E6, E4, F5, F0, F3, FA, C2, 81, 81, 81, 81, C8, E6, F5, D8, EA, EF, E5, F0, F8, F4, C5, EA, F3, E6, E4, F5, F0, F3, FA, C2, 81, 81, 81, 81, C8, E6, F5, CE, F0, E5, F6, ED, E6...
 

Code size:
584.5 KB (598,528 bytes)
