» flyforheroinstaller.exe
Overview
Analysis
File Details
Downloads (1)

flyforheroinstaller.exe

Rawr Games LTD

This is a self-extracting archive and installer. The file has been seen being downloaded from flyforherpatch.com.

File name:

Publisher:

Rawr Games LTD (signed and verified)

Version:

1.0.0.0

MD5:

cdd63587612aa16b2bdddba8ba1bfd55

SHA-1:

22e878de29c5d5010edeb59aa3fb12931afe2250

SHA-256:

8d516bc964b3960f80beecf93385179ae45884d2729dd09e9a02bff4b485b943

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 10:24:41 PM UTC (today)

File size:

5.6 MB (5,862,504 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\flyforheroinstaller\flyforheroinstaller.exe

Digital Signature

Signed by:

Rawr Games LTD

Authority:

COMODO CA Limited

Valid from:

10/12/2012 2:00:00 AM

Valid to:

10/13/2013 1:59:59 AM

Subject:

CN=Rawr Games LTD, O=Rawr Games LTD, STREET=10 Falcon way, L=Basildon, S=Essex, PostalCode=SS165JA, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F609B1227EF1895707AF92C4A1381DBC

File PE Metadata

Compilation timestamp:

10/12/2012 11:09:31 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:MT1M3IdaeFVRUt4piIoxwBzX66r+i6GNQO702nTbzYLgGf6+:MQe9c4pirAK6KONQW0sILV

Entry address:

0x1FEF70

Entry point:

55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, EC, B8, 0C, 5B, 5F, 00, E8, CF, BE, E0, FF, 33, C0, 55, 68, 42, F0, 5F, 00, 64, FF, 30, 64, 89, 20, A1, 14, B2, 61, 00, 8B, 00, E8, E1, CC, FA, FF, 8D, 55, EC, B8, 01, 00, 00, 00, E8, 14, 59, E0, FF, 8B, 45, EC, BA, 5C, F0, 5F, 00, E8, 83, 8E, E0, FF, 75, 4D, B8, BC, 5A, 5F, 00, E8, 83, 98, E2, FF, B2, 01, A1, 94, E9, 5E, 00, E8, 5F, 60, E0, FF, A3, 44, 16, 62, 00, A1, 44, 16, 62, 00, 80, 78, 70, 00, 75, 0C, A1, 14, B2, 61, 00, 8B, 00, E8, 7B, CC, FA, FF, A1, 44, 16... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

2 MB (2,086,912 bytes)

The file flyforheroinstaller.exe has been seen being distributed by the following URL.

http://flyforherpatch.com/FlyForHeroInstall.exe

Scan flyforheroinstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.