ra2.exe

The executable ra2.exe has been detected as malware by 10 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler. Additionally, the file is typically installed by a number of programs including Red Alert 2 by Westwood Studios and Red Alert 2 1 by PentaTechs.
MD5:
a8dc6cc4115c0d53c06d85ad9b8b5599

SHA-1:
a170db435135f21d405c1d6cd15e89e3b46088d4

SHA-256:
596ac84633bcc898ea5a7d55ccf5360f1d89cfb9266db1f18ec1fabec51a0d73

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/18/2024 10:29:14 PM UTC

Scan engine                     Detection                      Engine version
AhnLab V3 Security              Win32/Kashu.E                  2015.04.19
avast!                          Win32:SaliCode                 2014.9-150420
K7 AntiVirus                    Virus                          13.202.15640
McAfee                          Virus.W32/Virut.n.gen          5600.6790
Microsoft Security Essentials   Threat.Undefined               1.195.3698.0
Reason Heuristics               Threat.Win.Reputation.IMP      15.4.20.1
Rising Antivirus                PE:Win32.KUKU.kt!1591113       23.00.65.15418
Trend Micro House Call          PE_SALITY.RL                   7.2.110
Trend Micro                     PE_SALITY.RL                   10.465.20
VIPRE Antivirus                 Threat.4721115                 38882

File size:
126 KB (129,024 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
9/24/2000 4:20:34 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:47ppNX/feQjpWbqX65p163YC1gKV3CLaxi9BhiIeolE/Ww:4leQjpgqK0I4rV3Fxi9DiIeolE+

Entry address:
0x787F

Entry point:
55, 8B, EC, 6A, FF, 68, 78, 23, 41, 00, 68, E4, C5, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 78, 11, 41, 00, 33, D2, 8A, D4, 89, 15, 18, 72, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 14, 72, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 10, 72, 41, 00, C1, E8, 10, A3, 0C, 72, 41, 00, 33, F6, 56, E8, 9B, 1C, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 3C, 4B, 00, 00, FF, 15, 9C, 11, 41, 00, A3, C4, 88, 41, 00, E8...

Entropy:
5.4791

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
82 KB (83,968 bytes)

Scheduled Task
Task name:
{24BC5E76-2E8F-4A36-831F-524970F1D434}

Trigger:
Registration (Runs on registration)


The file ra2.exe has been discovered within the following programs.

Mental Omega APYR by Mentalmeisters
mo.cncguild.net
About 1% of users remove it

Red Alert 2 by Westwood Studios
www.westwood.com
About 9% of users remove it

Red Alert 2 1 by PentaTechs
www.penta-tech.blogspot.com
About 6% of users remove it

Red Alert II & Yuri's Revenge by Westwood Studios
About 3% of users remove it

Red Alert Yuri's Revenge by Addictive Gaming
www.AddictiveGaming.com
About 6% of users remove it
 
Powered by Should I Remove It?

The file ra2.exe has been seen being distributed by the following 5 URLs.

ftp://172.24.49.64/rayong/8.????????•.??????/??????????????•??????/.../Ra2.exe

temp:Ra2.exe

Remove ra2.exe - Powered by Reason Core Security