sims_4-spaces.ru.exe

BarYandex

The executable sims_4-spaces.ru.exe, "RoamWind 1.00 Installation", has been detected as malware by 26 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from cs12.userfiles.me.
Publisher:
BarYandex

Description:
RoamWind 1.00 Installation

Version:
1.00

MD5:
c5b6661f05dd70ed0ba4435edc96632a

SHA-1:
ac012f013f33e66cde48ce33a93925ea8033712b

SHA-256:
6bd13972521d94ea70ef1dabc88e9d31f4f1504838fa650f5bb225eb4c667b96

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
4/26/2024 3:18:20 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Trojan.Heur.DP.3GW@aq6iHfbc | 1085 |
| AhnLab V3 Security | Trojan/Win32.ADH | 2013.12.30 |
| Avira AntiVirus | TR/ATRAPS.Gen | 7.11.122.178 |
| avast! | Win32:Malware-gen | 2014.9-140215 |
| AVG | PSW.Generic11.CJTR.dropper | 2015.0.3563 |
| Baidu Antivirus | Trojan.Win32.Delf | 4.0.3.14215 |
| Bitdefender | Gen:Trojan.Heur.DP.3GW@aq6iHfbc | 1.0.20.230 |
| Comodo Security | UnclassifiedMalware | 17520 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.DP.3GW@aq6iHfbc | 8.14.02.15.06 |
| ESET NOD32 | Win32/Spy.Delf.PLY | 8.9190 |
| Fortinet FortiGate | W32/Delf.PLY!tr.spy | 2/15/2014 |
| F-Secure | Gen:Trojan.Heur.DP.3GW@aq6iHfbc | 11.2014-15-02_7 |
| G Data | Gen:Trojan.Heur.DP.3GW@aq6iHfbc | 14.2.22 |
| IKARUS anti.virus | Trojan.Win32.Spy | t3scan.2.2.29 |
| McAfee | RDN/Generic PWS.y!vi | 5600.7219 |
| MicroWorld eScan | Gen:Trojan.Heur.DP.3GW@aq6iHfbc | 15.0.0.138 |
| NANO AntiVirus | Trojan.Win32.ATRAPS.cemmqo | 0.28.0.57029 |
| Norman | Troj_Generic.QTOUX | 11.20140215 |
| Panda Antivirus | Suspicious file | 14.02.15.06 |
| Sophos | Mal/Generic-S | 4.96 |
| SUPERAntiSpyware | Trojan.Agent/Gen-SMHeist | 10782 |
| Total Defense | Win32/Jorik.KJ | 37.0.10498 |
| Trend Micro House Call | TROJ_GEN.RFFFC0EJS13 | 7.2.46 |
| Trend Micro | TROJ_GEN.RFFFC0EJS13 | 10.465.15 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 24898 |

File size:
852.6 KB (873,107 bytes)

Copyright:
BarYandex

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\sims_4-spaces.ru.exe

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:TX48QE+U6VHWGRK1kPNviWLg4pVuwzITTZ:TXz+JHjRK92fdITTZ

Entry address:
0x25468

Entry point:
55, 8B, EC, 83, C4, F0, B8, 88, 53, 42, 00, E8, 24, F2, FD, FF, B8, C8, 54, 42, 00, E8, 2A, 1C, FE, FF, 8B, 15, 40, 88, 42, 00, 89, 02, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, 48, 88, 42, 00, E8, E4, D3, FF, FF, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, DC, 87, 42, 00, E8, 7A, 64, FF, FF, A1, 40, 88, 42, 00, E8, AC, 4E, FE, FF, E8, DF, E0, FD, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Code size:
145.5 KB (148,992 bytes)

The file sims_4-spaces.ru.exe has been seen being distributed by the following URL.
