home

heavy weapon deluxe.exe

This is a setup program which is used to install the application.
MD5:
7bc24e9844aadbd0b29d1337161788be

SHA-1:
fef4df08b88685375cd22afdf731ddd575f8cceb

SHA-256:
3de86635b687c7d96740ed55b22a0234ab8b5b16b8756b08ab0c8bc89ee19aea

Scanner detections:
5 / 68

Status:
Clean  (5 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/26/2024 3:23:10 PM UTC  (today)

Scan engine
Detection
Engine version

K7 AntiVirus
Trojan
13.170.9100

Malwarebytes
Trojan.FakeAlert
v2014.09.11.02

Norman
Suspicious_Gen4.BFHAW
11.20140801

Quick Heal
(Suspicious) - DNAScan
8.14.12.00

Zillya! Antivirus
Trojan.Genome.Win32.194226
2.0.0.1850

File size:
570.5 KB (584,192 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
2/16/2005 7:32:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
12288:LDVYACBAhbVebZASNjhR++VraBrdNtx85FAmasj2C0Zm:nVaAjmZASNjhR+Eyy0ej2T

Entry address:
0x1B9001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 90, 1B, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72...
 
[+]

Packer / compiler:
ASPack v2.12

The file heavy weapon deluxe.exe has been seen being distributed by the following URL.

temp:?­?±?¨ ?§?…?¨?§?¨?‡.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to host-213.158.175.74.tedata.net  (213.158.175.74:80)

TCP (HTTP):
Connects to 128.253.36.199.in-addr.arpa  (199.36.253.128:80)

TCP (HTTP):
Connects to host-213.158.175.72.tedata.net  (213.158.175.72:80)

TCP (HTTP):
Connects to a23-50-198-184.deploy.static.akamaitechnologies.com  (23.50.198.184:80)

TCP (HTTP):
Connects to host-213.158.175.35.tedata.net  (213.158.175.35:80)

TCP (HTTP):
Connects to a23-50-149-163.deploy.static.akamaitechnologies.com  (23.50.149.163:80)

TCP (HTTP):
Connects to www.turktelekom.com.tr  (195.175.114.225:80)

TCP (HTTP):
Connects to host-213.158.175.91.tedata.net  (213.158.175.91:80)

TCP (HTTP):
Connects to host-213.158.175.88.tedata.net  (213.158.175.88:80)

TCP (HTTP):
Connects to host-213.158.175.32.tedata.net  (213.158.175.32:80)

TCP (HTTP):
Connects to host-213.158.173.98.tedata.net  (213.158.173.98:80)

TCP (HTTP):
Connects to a92-123-180-9.deploy.akamaitechnologies.com  (92.123.180.9:80)

TCP (HTTP):
Connects to a92-122-180-80.deploy.akamaitechnologies.com  (92.122.180.80:80)

TCP (HTTP):
Connects to a88-221-144-49.deploy.akamaitechnologies.com  (88.221.144.49:80)

TCP (HTTP):
Connects to a84-53-133-25.deploy.akamaitechnologies.com  (84.53.133.25:80)

TCP (HTTP):
Connects to a23-50-181-48.deploy.static.akamaitechnologies.com  (23.50.181.48:80)

TCP (HTTP):
Connects to a23-50-155-27.deploy.static.akamaitechnologies.com  (23.50.155.27:80)

TCP (HTTP):
Connects to a23-35-213-132.deploy.static.akamaitechnologies.com  (23.35.213.132:80)

TCP (HTTP):
Connects to a104-86-248-215.deploy.static.akamaitechnologies.com  (104.86.248.215:80)

Scan heavy weapon deluxe.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.