home

loader.exe

GamingOnSteroids

This is a setup program which is used to install the application. The file has been seen being downloaded from downloader.disk.yandex.com.tr and multiple other hosts.
Publisher:
GamingOnSteroids

Product:
GamingOnSteroids

Description:
Loader

Version:
2.3.0.0

MD5:
26a83a43365d696a141d548e28b7880f

SHA-1:
93fcd0a2dafb762b6ea873c060800da8f3ae3a0d

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/30/2024 6:43:21 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Win32.Trojan.WisdomEyes.151026.9950
4.0.3.1648

Bkav FE
HW32.Packed
1.3.0.7744

F-Prot
W32/Downloader.K.gen
v6.4.7.1.166

Panda Antivirus
Trj/Genetic.gen
16.04.08.06

Qihoo 360 Security
HEUR/QVM19.1.0000.Malware.Gen
1.0.0.1120

File size:
2.8 MB (2,912,256 bytes)

Product version:
2.3.0.0

Original file name:
Loader

File type:
Executable application (Win32 EXE)

Language:
Bulgarian

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:1EHkimHzDz1zN8+qh/RuYC6LYAiKDq3FVhlJdST4GJxYtxbydH6UqpDsEh:1EkzDz1piJWXGbYrbydTo

Entry address:
0x66BF7F

Entry point:
EB, 08, 62, F1, 00, 00, 00, 00, 00, 00, E9, 48, C9, D5, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9668  (probably packed)

Code size:
2.7 MB (2,871,296 bytes)

The file loader.exe has been seen being distributed by the following 5 URLs.

https://downloader.disk.yandex.com.tr/disk/c885e5657dcb643b7a22a5b3e5c8b82946fb38c4cba21d109562ba33bd8e7d58/57764fe4/.../x-msdownload&fsize=1708544&hid=a1434fffc8ac58addf6d59689dd04b45&media_type=executable&tknv=v2

http://gamingonsteroids.com/cdn-cgi/l/.../s&jschl_answer=9404

http://gamingonsteroids.com/cdn-cgi/.../chk_jschl?jschl_vc=ed3deb24640eb57e54c94121dcb10b85&pass=1460558580.975-Rg3a2Wx6gg&jschl_answer=1352240

http://gamingonsteroids.com/.../Loader.exe

http://gamingonsteroids.com/forum/.../

Scan loader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.