hd2_sabresquadron.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from s10264.chomikuj.pl.
MD5:
6e62059c716ced00f116bec0211d1280

SHA-1:
65a19018a54fb701d29882ff1f45f45fc96a927b

SHA-256:
743b58f57ab3bba4c60fd97ef6586ff00d407071f0e36a03abc5fe37efba5e70

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 10:54:29 AM UTC

Scan engine | Detection | Engine version
Norman | Suspicious_Gen5.BXZL | 11.20140114
VIPRE Antivirus | FraudTool.Win32.MSRemovalTool.ek!a | 20696

File size:
6.6 MB (6,889,472 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hd2_sabresquadron.exe

File PE Metadata
Compilation timestamp:
10/18/2004 12:49:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:xqvGkqnxGkoLLqPqmq7GEqCqal0oqDkAqrGBzGhquetqwqcq/mGq8qzqtqLS8q+E:xqvGkqnxGkoLLqPqmq7GEqCqal0oqDk5

Entry address:
0x596A05

Entry point:
60, E8, 0D, 00, 00, 00, 4B, 45, 52, 4E, 45, 4C, 33, 32, 2E, 44, 4C, 4C, 00, FF, 15, BC, F0, 80, 00, 50, E8, 0D, 00, 00, 00, 43, 72, 65, 61, 74, 65, 54, 68, 72, 65, 61, 64, 00, 50, FF, 15, 34, F1, 80, 00, A3, 60, FE, B4, 00, 58, 50, E8, 13, 00, 00, 00, 47, 65, 74, 43, 75, 72, 72, 65, 6E, 74, 54, 68, 72, 65, 61, 64, 49, 64, 00, 50, FF, 15, 34, F1, 80, 00, A3, B8, ED, B4, 00, 58, 50, E8, 09, 00, 00, 00, 53, 65, 74, 45, 76, 65, 6E, 74, 00, 50, FF, 15, 34, F1, 80, 00, A3, 24, 00, B5, 00, 58, 50, E8, 0B, 00, 00...
 

Packer / compiler:
ASPack v1.08.04

Code size:
4.8 MB (5,079,040 bytes)

Windows Firewall Allowed Program
Name:
C:\Programmi\Illusion Softworks\Hidden & Dangerous 2\HD2_SabreSquadron.exe


The file hd2_sabresquadron.exe has been seen being distributed by the following URL.
