miniclip-game-snowboarder-xs.exe

DirectorEmbed Application

The executable miniclip-game-snowboarder-xs.exe, “DirectorEmbed MFC Application”, has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. The file is infected by an entry-point-obscuring polymorphic file infector, which will create a peer-to-peer botnet and receive URLs of additional files to download. The file has been seen being downloaded from www.miniclip.com.
Product:
DirectorEmbed Application

Description:
DirectorEmbed MFC Application

Version:
1, 0, 0, 1

MD5:
b54e153de4d6e2a9f3a8476d8fa0455b

SHA-1:
b11e81691c006b053f751b97cd6b7ae3d0f0301d

SHA-256:
284ca1d500f75c4fce53ae0874d39ad84310b3779e2974dfb86133a21605802d

Scanner detections:
7 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/18/2024 6:44:41 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:SaliCode | 160518-2 |
| AVG | Win32/Sality | 2015.0.4604 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.E.gen | 4.6.5.141 |
| Microsoft Security Essentials | Threat.Undefined | 1.225.1756.0 |
| Norman | Win32.Sality.3 | 28.05.2016 13:03:37 |

File size:
852 KB (872,448 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2003

Original file name:
DirectorEmbed.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\miniclip-game-snowboarder-xs.exe

File PE Metadata
Compilation timestamp:
12/18/2003 2:59:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:/gOJuCJL7U5GaRlF+n9BWuuD6N1AcNY4RCeWWYAGPx267wHmlc4ten6DvmkMMveU:4OACJVahoBW3K1nNWWqx979eh5yeWZ

Entry address:
0x1CDE

Entry point:
71, 02, 8B, F8, 42, 13, DA, F2, 69, CA, 31, 22, 3F, DB, 0F, AF, DD, 08, C9, 28, CF, C7, C5, 30, 55, 13, 7D, 56, 0F, AF, C8, 58, 0F, BF, F0, 0F, AF, FB, 89, F5, 8A, DE, 69, CF, 1F, 68, ED, 80, F7, C2, 51, 45, F2, 0B, 03, D0, 81, FB, 68, 19, 00, 00, 70, 02, B1, 24, 80, D6, AC, 80, EB, AC, 56, C6, C2, AB, 0A, DA, F2, 12, DA, B3, EB, 2A, FA, 84, C9, B8, B5, 90, 99, 51, E8, 25, 00, 00, 00, C7, C0, 5D, 42, B3, 9F, F6, C5, A8, F2, 88, DF, FE, C4, 86, DC, F7, C6, 73, 84, A3, B8, 8D, 35, EB, 93, 00, 00, 0F, AF, D5...
 

Entropy:
7.9349  (probably packed)

Code size:
4 KB (4,096 bytes)

The file miniclip-game-snowboarder-xs.exe has been seen being distributed by the following URL.
