raidcall.exe

raidcall

KORAM GAMES LIMITED

The application raidcall.exe by KORAM GAMES LIMITED has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RaidCall’. While running, it connects to the Internet address 2.3e.9905.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
RAIDCALL.COM  (signed by KORAM GAMES LIMITED)

Product:
raidcall

Version:
1.0.10926.49

MD5:
cd674b5205bceeb2907713ee1414f344

SHA-1:
dbad106ecdd4d68cf833b99762d72b28ee3f465c

SHA-256:
939ed15aaf0b231a2f30079041f84f47d00165728c0a29120488a5ee18cc7a97

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/12/2017 9:44:51 AM UTC

Scan engine / Detection / Engine version:
Reason Heuristics: PUP.Optional.Startup.KORAMGAMESLIMITED.I (engine version 14.3.2.11)
Rising Antivirus: PE:Malware.XPACK/RDM!5.1 (engine version 23.00.65.14103)

File size:
3.3 MB (3,440,312 bytes)

Product version:
1.0.10926.49

Copyright:
Copyright (C) 2009-2010 RAIDCALL.COM, All rights reserved

Original file name:
raidcall.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\raidcall\raidcall.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/7/2012 10:00:00 PM

Valid to:
1/7/2014 9:59:59 PM

Subject:
CN=KORAM GAMES LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=KORAM GAMES LIMITED, L=HongKong, S=HongKong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6DE680510AEC828B17AC57B14D7A0CE3

File PE Metadata
Compilation timestamp:
10/25/2013 12:01:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
98304:tGUk2bO9bAftlu03k4mkBxV9RRRY9uSd6LsTNPzEMyJJFqhAzwP3j:x5uj4HaEMgJFR8z

Entry address:
0x1D0610

Entry point:
6A, 74, 68, A8, 32, 6B, 00, E8, 98, FB, FF, FF, 33, FF, 89, 7D, E0, 57, 8B, 1D, FC, A1, 67, 00, FF, D3, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 7D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, B9, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, B9, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 7D, FC, 6A, 02, FF, 15, E0, A6, 67, 00, 59, 83, 0D, C4, CF, 76, 00, FF, 83...

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
2.5 MB (2,592,768 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RaidCall

Command:
C:\Program Files\raidcall\raidcall.exe


The executing file has been seen to make the following network communications in live environments.

