gta_sa-win7_installer.exe

vshost32-clr2

Sick Labs

The executable gta_sa-win7_installer.exe has been detected as malware by 22 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from download1270.mediafire.com and multiple other hosts.
Publisher: Sick Labs
Product: vshost32-clr2
Description: java.exe
Version: 0.0.0.0
MD5: 722c461f2105c30d4d6a899f7a7f8faa
SHA-1: 9cac10fd4c6f74e7b9a798c5455b9d6d84741796
SHA-256: d53fe4d3c210fdabda7275fe856ebef0e658a2acd966eece33bef423caa131b1
Scanner detections: 22 / 68
Status: Malware
Analysis date: 5/21/2024 2:55:37 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Rogue.8499144.1 | 7.11.114.182
avast! | MSIL:Agent-AFL [Trj] | 2014.9-160726
AVG | ILCrypt | 2017.0.2671
Bitdefender | Trojan.Generic.8499144 | 1.0.20.1040
Clam AntiVirus | Win.Trojan.Agent-215310 | 0.98/18155
Comodo Security | TrojWare.MSIL.Agent.NRE | 17303
Emsisoft Anti-Malware | Trojan.Generic.8499144 | 8.16.07.26.07
ESET NOD32 | MSIL/Agent.NRE (variant) | 10.9071
Fortinet FortiGate | MSIL/Agent.SYG!tr | 7/26/2016
F-Secure | Trojan.Generic.8499144 | 11.2016-26-07_3
G Data | Trojan.Generic.8499144 | 16.7.22
IKARUS anti.virus | Trojan.Small | t3scan.2.2.29
K7 AntiVirus | Riskware | 13.173.10249
Malwarebytes | Trojan.MSIL.HF | v2016.07.26.07
McAfee | Artemis!722C461F2105 | 5600.6327
MicroWorld eScan | Trojan.Generic.8499144 | 17.0.0.624
Norman | Suspicious_Gen4.BVSWZ | 11.20160726
Panda Antivirus | Generic Malware | 16.07.26.07
Sophos | Mal/Generic-S | 4.94
Trend Micro House Call | TROJ_GEN.RCBCEA6 | 7.2.208
Trend Micro | TROJ_GEN.RCBCEA6 | 10.465.26
VIPRE Antivirus | Trojan.Win32.Generic | 23544

File size: 9.5 KB (9,728 bytes)
Product version: 0.0.0.0
Copyright: .NET Framework
Trademarks: .NET Framework
Original file name: ExProtected.exe
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\gta_sa-win7_installer.exe

File PE Metadata
Compilation timestamp: 6/14/2012 2:39:29 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
.NET CLR dependent: Yes
CTPH (ssdeep): 192:5LHbHUgZ8dy/0CGDpV/NnlYJ3l3LTqVpC8Q4:5L7HVZ8ocnph65LTCQ4
Entry address: 0x38CE
Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 6.5 KB (6,656 bytes)

The file gta_sa-win7_installer.exe has been seen being distributed by the following 2 URLs.

http://download1270.mediafire.com/7z7li32j9cfg/.../GTA_SA-WIN7_Installer.exe

Powered by Reason Core Security