» lastconundrumofdavincideluxe.exe
Overview
Analysis
File Details
Downloads (2)

lastconundrumofdavincideluxe.exe

Gamehitzone Inc.

The application lastconundrumofdavincideluxe.exe by Gamehitzone has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from indir.gezginler.net and multiple other hosts.

File name:

Publisher:

GameHitZone.com (signed by Gamehitzone Inc.)

MD5:

4a85c99ed7ebc72113e29078ee9e9ca5

SHA-1:

b0c1eee5f8f84ef1f208dda5ab57ee229d41e3ca

SHA-256:

a8c97a909303defa1e3e93e9ba1ea3eeb3332c60c99e7fca1120c1a75d5059e9

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 1:12:35 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Installer.Gamehitzone

15.5.16.5

Rising Antivirus

PE:Trojan.Win32.SpeedingUpMyPC.a!1075357520

23.00.65.15514

File size:

24 MB (25,186,352 bytes)

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\lastconundrumofdavincideluxe.exe

Digital Signature

Signed by:

Gamehitzone Inc.

Authority:

GlobalSign nv-sa

Valid from:

10/3/2014 5:33:05 AM

Valid to:

1/3/2018 5:33:05 AM

Subject:

E=abuse@gamehitzone.com, CN=Gamehitzone Inc., O=Gamehitzone Inc., L=Belize City, S=Belize, C=BZ

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11212DA109C716E14D8F300F2D8DD9ACEBA0

File PE Metadata

Compilation timestamp:

10/12/2013 10:19:32 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

786432:W4pC2R3n6XnVasxUtDHYV0lIQJ35FUX+CCz:FpC2R3KVVU5/IQJ3ylO

Entry address:

0x113BC

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86... 
[+]

Entropy:

7.9992

Developed / compiled with:

Microsoft Visual C++

Code size:

63.5 KB (65,024 bytes)

The file lastconundrumofdavincideluxe.exe has been seen being distributed by the following 2 URLs.

http://indir.gezginler.net/i/34595/.../

http://www.gamehitzone.com/.../LastConundrumOfDaVinciDeluxe.exe

Remove lastconundrumofdavincideluxe.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.