raidcall_v7.2.2.exe

KORAM GAMES LIMITED

The application raidcall_v7.2.2.exe by KORAM GAMES LIMITED has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. This file is typically installed with the program Aurora World by theAuroraWorld.com. The file has been seen being downloaded from dl.cdn.chip.de and multiple other hosts.
Publisher:
KORAM GAMES LIMITED  (signed and verified)

MD5:
29e221ad6f9bdcb73c7820eb23b4f437

SHA-1:
761e37a843ab05a808cb47ab5349b92cd4f2b7e1

SHA-256:
5e82155dae38036de52bb2a265b21ea4a05b05f74d9f8697f2a14b0bd9eb532b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 4:53:46 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.KORAMGAMESLIMITED.N

Engine version:
14.2.16.3

File size:
5.3 MB (5,515,216 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\raidcall_v7.2.2.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/8/2012 12:00:00 AM

Valid to:
1/7/2014 11:59:59 PM

Subject:
CN=KORAM GAMES LIMITED, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=KORAM GAMES LIMITED, L=HongKong, S=HongKong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6DE680510AEC828B17AC57B14D7A0CE3

File PE Metadata
Compilation timestamp:
3/22/2010 12:59:12 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:VkehMZcsyFDtJiPptIx7+wHCFXCnLiFAmURS4Wc+EtyLZOHFBuC0v:utZUttJI2CFLAmnc+0ysKCE

Entry address:
0x114F

Entry point:
E9, EC, 56, 00, 00, E9, 27, 96, 00, 00, E9, 72, 9A, 00, 00, E9, CD, 95, 00, 00, E9, E8, AA, 00, 00, E9, C3, BA, 00, 00, E9, 5E, 9B, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
 

Packer / compiler:
Xtreme-Protector v1.05

Code size:
57.5 KB (58,880 bytes)

The file raidcall_v7.2.2.exe has been discovered within the following program.

Aurora World  by theAuroraWorld.com
www.theAuroraWorld.com
About 3% of users remove it
 

The file raidcall_v7.2.2.exe has been seen being distributed by the following 2 URLs.
