raidcall.exe

RAIDCALL LIMITED

The executable raidcall.exe, “RaidCall 7.3.6 Installation”, has been detected as malware by 13 anti-virus scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from raidcall.es.
Publisher:
RAIDCALL LIMITED

Description:
RaidCall 7.3.6 Installation

Version:
7.3.6

MD5:
f9e26ed33e375d0b27c499fe6ab053b5

SHA-1:
450d536805bb18b0981b1659063ccf78786ef829

SHA-256:
4709a531dd9d576bc8853fb7370cda8c729c19b199d448cbf8dae081d7306b5f

Scanner detections:
13 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 10:08:45 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Sality.3 | 5813612 |
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Win32:SaliCode | 160118-1 |
| AVG | Win32/Sality | 2015.0.4522 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.4702.0 |
| Norman | Win32.Sality.3 | 11.01.2016 17:30:26 |
| Sophos | Virus 'Mal/Sality-D' | 5.22 |

File size:
6.5 MB (6,845,712 bytes)

Copyright:
RAIDCALL LIMITED

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\raidcall.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:LtG0QpQmw8xl+vFdn/i9lgiYfytz9Gj2z04B1:fQpVL+Pn6JYfizYyz1

Entry address:
0x25468

Entry point:
E8, 00, 00, 00, 00, 59, 0F, 6E, E9, 0F, 7E, EE, 81, FA, 47, A4, 00, 00, 70, 0A, C6, C1, 7E, 0F, B6, DD, FF, CF, 33, D2, 85, EE, B9, 47, 2C, 07, 0E, B8, D9, 82, 01, 00, 69, EB, 96, A4, 27, 3A, 35, 26, 86, 00, 00, 85, D6, C6, C6, D9, 03, F0, 88, CD, 81, EE, 47, 03, 00, 00, 56, 81, FA, 9E, B4, 00, 00, 71, 02, FF, CD, C3, E8, DF, E0, FD, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Code size:
145.5 KB (148,992 bytes)

The file raidcall.exe has been seen being distributed by the following URL.
