stronghold crusader patch setup.exe

The application stronghold crusader patch setup.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file is infected by the Parite virus, a polymorphic file-infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from stronghold-crusader-patch.soft32.com.
Version:
1.0.0.0

MD5:
1ba1579e4c855dfa42724925923322e0

SHA-1:
8158ac9c30e3640f242a697adac281058e31c9eb

SHA-256:
8649d80a269a9ff1a6efdc1a0afd1ea7980d05a4e15bb189dfa5ea05221d0ce3

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/19/2017 7:18:53 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Parite | 160327-1
AVG | Win32/Parite | 2015.0.4355
Dr.Web | Adware.Downware.10581, Win32.Parite.2 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Parite | 11.5.0.6191
ESET NOD32 | Win32/Parite.B virus | 8.0.319.0
F-Prot | W32/Parite.B | 4.6.5.141
Kaspersky | Virus.Win32.Parite | 15.0.0.562
McAfee | Virus.W32/Pate.b | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.217.1496.0
Norman | Win32.Parite.B | 02.04.2016 17:35:19
VIPRE Antivirus | Threat.46249 | 48132

File size:
1.2 MB (1,294,806 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\stronghold crusader patch setup.exe

File PE Metadata
Compilation timestamp:
7/15/2013 11:51:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:x6PDA0uON4W1bxn3x9rgJqXeejyFMOmUn3p/yC8gUL:xYDA0uON4WJx3zrgJqOH6i8VL

Entry address:
0x380000

Entry point:
90, 90, B9, 83, 35, 98, 00, 68, 1C, 00, 78, 00, 5E, 90, 90, BA, 98, 05, 00, 00, 31, 0C, 32, 83, EA, 02, 83, EA, 02, 90, 75, F4, 6B, 48, 99, 00, 83, 35, 98, 00, 83, 35, D8, 00, F3, 2C, AF, 00, 9B, 3E, 89, 00, 55, 24, 89, 00, 83, 85, 9A, 00, 7C, CA, 67, FF, 1F, C4, EF, 00, 5F, C7, EF, 00, 69, C7, EF, 00, 83, 35, 98, 00, 83, 35, 98, 00, 83, 35, 98, 00, 1F, D2, 88, 00, 59, C7, AF, 00, 6B, C7, AF, 00, 83, 35, 98, 00, 83, 35, 98, 00, 83, 35, 98, 00, 83, 35, 98, 00, 83, 35, 98, 00, 83, 35, 98, 00, 83, 35, 98, 00...
 

Code size:
1 MB (1,060,864 bytes)

The file stronghold crusader patch setup.exe has been seen being distributed by the following URL.
