maingame.exe

The executable maingame.exe has been detected as malware by 4 anti-virus scanners. While running, it connects to the Internet address 31.b5.adb8.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
MD5:
c19baef6155f1ded9b6fc60cd3669b2f

SHA-1:
815c4cf7eb063168b91615ace4447d6efb0fb555

SHA-256:
33766f9861d6f0d6d41770310fb8ba0f5d075fc18ff0e1a38a2e210f67daacc2

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/25/2017 8:56:51 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Genome
7.1.1

McAfee
Generic.dx!xpu
5600.7226

McAfee Web Gateway
Generic.dx!xpu
7.7226

VIPRE Antivirus
Trojan.Win32.Generic
21012

File size:
598.5 KB (612,864 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\galaxy\maingame.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:aBPq5u1235zLHSJLgo6FwVj/zXgpYC1UZ2QjkIvVh+FyW:qi5R35zrSxsCjrwrlv8

Entry address:
0x75C08

Entry point:
55, 8B, EC, 83, C4, F0, B8, 60, 58, 47, 00, E8, D0, 06, F9, FF, A1, E4, 7A, 47, 00, 8B, 00, E8, 44, D1, FD, FF, 8B, 0D, 88, 7C, 47, 00, A1, E4, 7A, 47, 00, 8B, 00, 8B, 15, 20, 4C, 47, 00, E8, 44, D1, FD, FF, A1, E4, 7A, 47, 00, 8B, 00, E8, B8, D1, FD, FF, E8, 6B, E3, F8, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
467.5 KB (478,720 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 31.b5.adb8.ip4.static.sl-reverse.com  (184.173.181.49:80)

TCP (HTTP):
Connects to li310-193.members.linode.com  (178.79.173.193:80)

TCP (HTTP):
Connects to CUST-245.252.102.5.018.net.il  (5.102.252.245:80)

TCP (HTTP):
Connects to 203.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net  (185.33.220.38:80)

TCP (HTTP):
Connects to 154.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net  (37.252.172.70:80)

TCP (HTTP):
Connects to 103-16-152-143-noc.bsccl.com  (103.16.152.143:80)

Remove maingame.exe - Powered by Reason Core Security