» perfectworld.exe
Overview
Analysis
File Details
Downloads (1)

perfectworld.exe

The executable perfectworld.exe has been detected as malware by 40 anti-virus scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. Infected by the Parite virus, a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from www.levelupgames.com.br.

File name:

perfectworld.exe

Description:

Setup

Version:

10.0.30319.1 built by: RTMRel

MD5:

8da16d5e42a2dbb64191ab9365e945ce

SHA-1:

6075ec552327790534661a4c730108cf5c7246b6

SHA-256:

5c82d7237fb0985ef79a44b95f650709bf96de66e7f84b3fa97b1df9730734e7

Scanner detections:

40 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/25/2024 7:20:30 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Parite.B

5695233

Agnitum Outpost

Win32.Parite.B

7.1.1

AhnLab V3 Security

Win32/Parite

2015.12.09

Avira AntiVirus

W32/Parite

8.3.2.4

Arcabit

Win32.Parite.B

1.0.0.629

avast!

Win32:Parite

151205-4

AVG

Win32/Parite

2015.0.4477

Baidu Antivirus

Virus.Win32.Parite.$b

4.0.3.15128

Bitdefender

Win32.Parite.B

1.0.20.1710

Bkav FE

W32.Pinfi.B

1.3.0.7383

Clam AntiVirus

Heuristics.W32.Parite.B

0.98/21141

Comodo Security

Virus.Win32.Parite.gen

23690

Dr.Web

Win32.Parite.2

9.0.1.05190

Emsisoft Anti-Malware

Win32.Parite

10.0.0.5366

ESET NOD32

Win32/Parite.B virus

7.0.302.0

Fortinet FortiGate

W32/Parite.B

12/8/2015

F-Prot

W32/Parite.B

4.6.5.141

F-Secure

Win32.Parite.B

5.15.21

G Data

Win32.Parite

15.12.25

IKARUS anti.virus

Virus.Parite

t3scan.1.9.5.0

K7 AntiVirus

Virus

13.212.18043

Kaspersky

Virus.Win32.Parite

15.0.0.543

McAfee

Virus.W32/Pate.b

18.0.204.0

Microsoft Security Essentials

Virus:Win32/Parite.B

1.1.12300.0

MicroWorld eScan

Win32.Parite.B

16.0.0.1026

NANO AntiVirus

Virus.Win32.Parite.bgvo

1.0.10.5081

Norman

Win32.Parite.B

28.10.2015 12:55:53

nProtect

Virus/W32.Parite.C

15.12.08.01

Panda Antivirus

W32/Parite.B

15.12.08.05

Qihoo 360 Security

Virus.Win32.Parite.H

1.0.0.1077

Quick Heal

W32.Perite.A

12.15.14.00

Rising Antivirus

PE:Virus.Parite!1.9B80 [F]

23.00.65.151206

Sophos

Virus 'W32/Parite-B'

5.21

Total Defense

Win32/Pinfi.A

37.1.62.1

Trend Micro House Call

PE_PARITE.A

7.2.342

Trend Micro

PE_PARITE.A

10.465.08

Vba32 AntiVirus

Virus.Win32.Parite.b

3.12.26.4

VIPRE Antivirus

Threat.46249

45686

ViRobot

Win32.Parite.A[h]

2014.3.20.0

Zillya! Antivirus

Virus.Parite.Win32.9

2.0.0.2554

File size:

565.5 KB (579,034 bytes)

Product version:

10.0.30319.1

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\perfectworld.exe

File PE Metadata

Compilation timestamp:

3/18/2010 8:21:36 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:M7IRWDvFa+nhmuF3Y0s9LeDuUlXSYGQMl4Oeaq4:M7GUo+F3YlBi1/MlFeaB

Entry address:

0x66000

Entry point:

90, 90, B9, 06, D3, 21, 0C, BA, 20, 60, 46, 00, BF, 98, 05, 00, 00, FF, 34, 3A, 31, 0C, 24, 8F, 04, 3A, 90, 83, EF, 03, 4F, 90, 75, EF, 90, 90, EE, AE, 20, 0C, 06, D3, 21, 0C, 06, D3, 61, 0C, 47, 36, 23, 0C, 26, CD, 27, 0C, DC, F6, 27, 0C, 06, 63, 23, 0C, 06, D3, 21, 0C, 46, C3, 61, 0C, D4, 3F, 65, 0C, E2, 3F, 65, 0C, 02, 0F, 25, 0C, D6, 3F, 25, 0C, E4, 3F, 25, 0C, 46, D7, 21, 0C, D6, 3F, 25, 0C, E4, 3F, 25, 0C, 06, D3, 21, 0C, 06, D3, 21, 0C, 06, D3, 21, 0C, 06, D3, 21, 0C, 3A, C2, 61, 0C, 06, D3, 21, 0C... 
[+]

Code size:

314.5 KB (322,048 bytes)

The file perfectworld.exe has been seen being distributed by the following URL.

http://www.levelupgames.com.br/redirecionador/perfectworld/.../gerenciador-do-jogo

Remove perfectworld.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.