» stronghold crusader patch setup.exe
Overview
Analysis
File Details
Downloads (1)

stronghold crusader patch setup.exe

The application stronghold crusader patch setup.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. Infected by the Parite virus, a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from stronghold-crusader-patch.soft32.com.

File name:

Version:

1.0.0.0

MD5:

1ba1579e4c855dfa42724925923322e0

SHA-1:

8158ac9c30e3640f242a697adac281058e31c9eb

SHA-256:

8649d80a269a9ff1a6efdc1a0afd1ea7980d05a4e15bb189dfa5ea05221d0ce3

Scanner detections:

11 / 68

Status:

Potentially unwanted

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/24/2024 4:38:22 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Parite

160327-1

AVG

Win32/Parite

2015.0.4355

Dr.Web

Adware.Downware.10581, Win32.Parite.2

9.0.1.05190

Emsisoft Anti-Malware

Win32.Parite

11.5.0.6191

ESET NOD32

Win32/Parite.B virus

8.0.319.0

F-Prot

W32/Parite.B

4.6.5.141

Kaspersky

Virus.Win32.Parite

15.0.0.562

McAfee

Virus.W32/Pate.b

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.217.1496.0

Norman

Win32.Parite.B

02.04.2016 17:35:19

VIPRE Antivirus

Threat.46249

48132

File size:

1.2 MB (1,294,806 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\stronghold crusader patch setup.exe

File PE Metadata

Compilation timestamp:

7/15/2013 11:51:56 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:x6PDA0uON4W1bxn3x9rgJqXeejyFMOmUn3p/yC8gUL:xYDA0uON4WJx3zrgJqOH6i8VL

Entry address:

0x380000

Entry point:

90, 90, B9, 83, 35, 98, 00, 68, 1C, 00, 78, 00, 5E, 90, 90, BA, 98, 05, 00, 00, 31, 0C, 32, 83, EA, 02, 83, EA, 02, 90, 75, F4, 6B, 48, 99, 00, 83, 35, 98, 00, 83, 35, D8, 00, F3, 2C, AF, 00, 9B, 3E, 89, 00, 55, 24, 89, 00, 83, 85, 9A, 00, 7C, CA, 67, FF, 1F, C4, EF, 00, 5F, C7, EF, 00, 69, C7, EF, 00, 83, 35, 98, 00, 83, 35, 98, 00, 83, 35, 98, 00, 1F, D2, 88, 00, 59, C7, AF, 00, 6B, C7, AF, 00, 83, 35, 98, 00, 83, 35, 98, 00, 83, 35, 98, 00, 83, 35, 98, 00, 83, 35, 98, 00, 83, 35, 98, 00, 83, 35, 98, 00... 
[+]

Code size:

1 MB (1,060,864 bytes)

The file stronghold crusader patch setup.exe has been seen being distributed by the following URL.

http://stronghold-crusader-patch.soft32.com/get/file/id/.../?lp=dsa&tg=pl&kw=_cat:soft32.com&mt=b&ad=31507498322&pl=&ds=s&gclid=CP7So57GoroCFYmV3godSg4AlQ

Remove stronghold crusader patch setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.