Inventory A+.exe

Inventory A+

garenaworld.com

The executable Inventory A+.exe has been detected as malware by 13 anti-virus scanners. The file has been seen being downloaded from dl-mail.ymail.com and multiple other hosts.
Publisher:
garenaworld.com

Product:
Inventory A+

Version:
3.1

MD5:
6cfcaa8eb8202eff18932f2b9cf71290

SHA-1:
ce87f9bc456887d288491384a485581d89997834

SHA-256:
d1e951fe80afdfe009fcd7795cb3ac987c6f74be879581f6bcffefaa4e7820c7

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
4/19/2024 1:24:15 AM UTC

Scan engine              Detection                    Engine version
Lavasoft Ad-Aware        Trojan.Generic.11737224      852
avast!                   Win32:Dropper-gen [Drp]      2014.9-141006
Bitdefender              Trojan.Generic.11737224      1.0.20.1395
Dr.Web                   Trojan.BPlug.61              9.0.1.0279
Emsisoft Anti-Malware    Trojan.Generic.11737224      8.14.10.06.09
F-Secure                 Trojan.Generic.11737224      11.2014-06-10_2
G Data                   Trojan.Generic.11737224      14.10.24
IKARUS anti.virus        Trojan.SuspectCRC            t3scan.1.7.8.0
McAfee                   Artemis!B7935B71BAB5         5600.6986
MicroWorld eScan         Trojan.Generic.11737224      15.0.0.837
Norman                   Suspicious_Gen4.HAETL        11.20141006
nProtect                 Trojan.Generic.11737224      14.09.23.01
Reason Heuristics        Threat.Win.Reputation.IMP    14.10.6.9

File size:
713 KB (730,112 bytes)

Product version:
3.1.0

Copyright:
All rights reserved to garenaworld.com

Original file name:
Inventory A+.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\inventory a+.exe

File PE Metadata
Compilation timestamp:
5/17/2013 2:24:02 AM

Minimum OS version (PE optional header):
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:VsFkEcnQjJ1Q2WKfNz/pnyZE8hdGM+8XP6mqNCLl1FTi41hrFH3Fkb0rm5wdTbkB:VJEcQF1Q2WWLm/B1FTighrd3Ri5Cbn85

Entry address (RVA):
0x833CA

Entry point (first bytes):
E8, B2, 5E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 53, 8B, 5D, 10, 85, DB, 75, 07, 33, C0, E9, 9A, 00, 00, 00, 56, 83, FB, 04, 72, 75, 8D, 73, FC, 85, F6, 74, 6E, 8B, 4D, 0C, 8B, 45, 08, 8A, 10, 83, C0, 04, 83, C1, 04, 84, D2, 74, 52, 3A, 51, FC, 75, 4D, 8A, 50, FD, 84, D2, 74, 3C, 3A, 51, FD, 75, 37, 8A, 50, FE, 84, D2, 74, 26, 3A, 51, FE, 75, 21, 8A, 50, FF, 84, D2, 74, 10, 3A, 51, FF, 75, 0B, 83, 45, FC, 04, 39, 75, FC, 72, C2, EB, 2E, 0F, B6, 40, FF, 0F, B6, 49, FF, EB, 46...
The stub opens with a call rel32 followed by a jmp rel32 (E8 B2 5E 00 00; E9 89 FE FF FF), the usual MSVC CRT entry sequence (call __security_init_cookie; jmp __tmainCRTStartup), which is consistent with the linker version 10.0 (Visual Studio 2010) listed below: the entry point is ordinary CRT start-up code rather than a packer stub.

Entropy:
6.6709

Code size:
575 KB (588,800 bytes)
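Before acting on a report like this, a practitioner wants to confirm that the file in hand is the same sample and that the listed PE facts are real. The following script is an added example (not part of the original report) that checks a file on disk against the values above: MD5/SHA-1/SHA-256 and size, then the COFF timestamp, linker version, entry RVA, minimum OS version and subsystem read straight out of the PE headers with struct, the Shannon entropy of the whole file, and the first bytes at the entry point mapped through the section table. It uses only the standard library (no pefile, and no ssdeep, so the CTPH value is not recomputed). The REPORT values are copied from this page; build_test_pe() constructs a minimal synthetic PE32 image that carries the same header values so the parser can be exercised without the malware present. That image is constructed test data, not the sample.

```python
"""Offline triage of a Win32 PE sample against the values in a scan report.
Standard library only. Added example; REPORT holds values copied from the page."""
import datetime as dt
import hashlib
import math
import struct
import sys

# Copied from the report above. The sample itself is NOT embedded here.
REPORT = {
    "size": 730112,
    "md5": "6cfcaa8eb8202eff18932f2b9cf71290",
    "sha1": "ce87f9bc456887d288491384a485581d89997834",
    "sha256": "d1e951fe80afdfe009fcd7795cb3ac987c6f74be879581f6bcffefaa4e7820c7",
    "entry_rva": 0x833CA,
    "linker": (10, 0),
    "subsystem": 2,  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    "entry_bytes": bytes.fromhex("E8B25E0000E989FEFFFF8BFF558BEC"),
}


def hashes(data: bytes) -> dict:
    """Hex digests of the three hashes a scan report normally lists."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0; packed or encrypted payloads sit near 7 and above."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def rva_to_offset(sections, rva: int) -> int:
    """Map an RVA to a file offset using (vsize, va, rawsize, rawptr) section tuples."""
    for vsize, va, rawsize, rawptr in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    raise ValueError("RVA %#x is not backed by any section" % rva)


def parse_pe(data: bytes) -> dict:
    """Read the COFF and optional header fields of a PE32 (magic 0x10b) image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor, code_size, _, _, entry_rva = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 handled here (magic %#x)" % magic)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)  # MajorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sec = opt + opt_size  # section table starts right after the optional header
    sections = [struct.unpack_from("<8sIIII", data, sec + 40 * i)[1:] for i in range(nsections)]
    entry_off = rva_to_offset(sections, entry_rva)
    return {
        "timestamp": dt.datetime.fromtimestamp(timestamp, dt.timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker": (lnk_major, lnk_minor),
        "code_size": code_size,
        "entry_rva": entry_rva,
        "os_version": (os_major, os_minor),
        "subsystem": subsystem,
        "entry_bytes": bytes(data[entry_off:entry_off + 16]),
    }


def compare(data: bytes, report: dict = REPORT) -> dict:
    """Per field: does the file on disk agree with what the report claims?"""
    h, pe = hashes(data), parse_pe(data)
    n = len(report["entry_bytes"])
    return {
        "size": len(data) == report["size"],
        "md5": h["md5"] == report["md5"],
        "sha1": h["sha1"] == report["sha1"],
        "sha256": h["sha256"] == report["sha256"],
        "entry_rva": pe["entry_rva"] == report["entry_rva"],
        "linker": pe["linker"] == report["linker"],
        "subsystem": pe["subsystem"] == report["subsystem"],
        "entry_bytes": pe["entry_bytes"][:n] == report["entry_bytes"],
    }


def build_test_pe() -> bytes:
    """Constructed minimal PE32 image (NOT the sample) carrying the report's header
    values, so the parser can be exercised without the malware on disk."""
    ts = int(dt.datetime(2013, 5, 17, 2, 24, 2, tzinfo=dt.timezone.utc).timestamp())
    e_lfanew, text_va, text_raw = 0x40, 0x1000, 0x200
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 10, 0, 588800, 0, 0, REPORT["entry_rva"])
    struct.pack_into("<HH", opt, 40, 5, 0)  # minimum OS version 5.0
    struct.pack_into("<H", opt, 68, 2)      # subsystem: Windows GUI
    text = struct.pack("<8sIIII", b".text", 0x90000, text_va, 0x90000, text_raw) + bytes(16)
    hdr = dos + b"PE\0\0" + coff + bytes(opt) + text
    entry_off = text_raw + REPORT["entry_rva"] - text_va
    img = bytearray(entry_off + 16)
    img[:len(hdr)] = hdr
    img[entry_off:entry_off + len(REPORT["entry_bytes"])] = REPORT["entry_bytes"]
    return bytes(img)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe()
    for k, v in parse_pe(data).items():
        print("%-12s %s" % (k, v.hex() if isinstance(v, bytes) else v))
    print("entropy      %.4f" % shannon_entropy(data))
    print("matches      %s" % compare(data))
```

Run it as `python triage.py "Inventory A+.exe"` on a quarantined copy; with no argument it parses the synthetic image, for which the header fields match the report but the hashes and size (correctly) do not. A hash mismatch with matching header fields usually means a repacked or re-signed build of the same tool rather than the same sample, and the entropy figure should be read next to the code size: 6.67 over a 713 KB file with 575 KB of code is in the range of ordinary compiled code with embedded resources, not of a packed body.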

The file Inventory A+.exe has been seen being distributed by the following 4 URLs.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-FuwR_TiXdSku2aE-7jM6sNGQM3Z6xcd9GlidLr_3eJkUlQ2zcO8UrC2ASrRQg0_iGH4nkLovJSeSm65J69qU1w/messages/@.id==AMW-imIAAS2xVzwU8g0rGFDLMQc/content/parts/@.id==3/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbFvLJ89VSIhdK1hX8Uq2AG_tmbZU_QP6bd5QzJLzvu9w&error=https://us-mg5.mail.yahoo.com/.../iframemsg?id=09a57ec6-36f0-2b6b-90ab-c2f3206fd309&ymreqid=c09b9e01-7d41-762c-0127-4e0017010000

Remove Inventory A+.exe - Powered by Reason Core Security