home

redstonecraft_beta1.2_mirror1.exe

RedstoneCraft Kliens

Gerviba

This is a setup program which is used to install the application. The file has been seen being downloaded from download1125.mediafire.com.
Publisher:
Gerviba

Product:
RedstoneCraft Kliens

Description:
RedstoneCraft Indító

Version:
B1.0.0.0

MD5:
612f1e5696ee545ee7d2c9a20e3529bb

SHA-1:
2ddae9b8647eccbc45548423afa33378b964303d

SHA-256:
a68779f33716e37c098ad8807382fc9f371f9406a46376152768cf2abcc12314

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/25/2024 4:45:48 AM UTC  (today)

Scan engine
Detection
Engine version

McAfee
Trojan.Artemis!612F1E5696EE
18.0.204.0

Trend Micro House Call
TROJ_GEN.R0C1H05LG14
7.2.339

File size:
1.3 MB (1,390,171 bytes)

Product version:
B1.0.0.0

Copyright:
Copyright (c) Gerviba

Original file name:
RedstoneCraft.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\redstonecraft_beta1.2_mirror1.exe

File PE Metadata
Compilation timestamp:
3/31/2014 7:38:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
24576:TdmxUPE2RXN6VUuB+wmq5Phu69HNIY7pDiErTDM3ngS6f4cGSapVAb5SRbbk58Op:ZmxUPESXsLnmq5P8ONIYZiGvAnYapuSY

Entry address:
0x1290

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 8C, 02, 41, 00, E8, A8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, C4, 02, 41, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, B0, 02, 41, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, BA, 80, 00, 00, 00, 89, E5, 57, 31, C0, 8D, BD, E8, FE, FF, FF, 56, 53, 81, EC, 1C, 01, 00, 00, 89, 54, 24, 08, 89, 44, 24, 04, 89, 3C, 24, E8, 3F, 3A, 00, 00, 89, 7C, 24, 04, C7, 04, 24, 18, 00, 00, 00, E8, 07, 0B, 00, 00, 85, C0, 0F, 84, 7C, 00, 00...
 
[+]

Packer / compiler:
MingWin32

Code size:
16 KB (16,384 bytes)

The file redstonecraft_beta1.2_mirror1.exe has been seen being distributed by the following URL.

http://download1125.mediafire.com/a722krik9uag/.../RedstoneCraft_Beta1.2_MIRROR1.exe

Scan redstonecraft_beta1.2_mirror1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.