home

trainer.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from s10580.chomikuj.pl.
MD5:
977fb786cff9c6591ce60ac837441c36

SHA-1:
99d82b73e2134d0121f466c93bc7dd43ae2ecf52

SHA-256:
f0c712b7c4ec9cd71614e0ba4492a6dba0361534735f922a13a5ba867bd44322

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
6/27/2025 9:47:30 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Packed/PECompact
7.1.1

File size:
571.5 KB (585,216 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\sid.meiers.civilization.v.plus.5.trainer\trainer.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:8NVeCN9f2C0JSAGdPizzcODuyAIhc72W0tN2iRRUx2yFeN:8tRgGdPizzc6JfW7280D

Entry address:
0x1000

Entry point:
B8, 38, B2, 58, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 13, 5F, AC, 93, F6, DA, 0E, 4A, 3E, 62, 1D, 64, 84, 49, A8, 0C, 99, B2, F5, 69, 35, D4, 52, AF, E7, 82, B9, EB, DF, 2D, 1B, DD, 5F, 55, ED, BE, 51, CB, BA, 79, 06, CE, B9, 06, C3, 57, 03, D8, 92, 66, 83, 3E, 63, CF, BF, AD, A3, E9, EF, F3, 52, AE, 0A, A5, DF, 59, 93, 9E, CE, E4, D8, D0, 15, 4F, 3E, 32, F6, F9, 2A, 83, D0, 95, A4, 50, B5, 67, D6, DD, 48, 2C, 15, 57, 27...
 
[+]

Packer / compiler:
PECompact v2

Code size:
1.1 MB (1,117,184 bytes)

The file trainer.exe has been seen being distributed by the following URL.

http://s10580.chomikuj.pl/File.aspx?e=IdYnu6DJcg7sv9Rf9W_aCvprJ0fsNnBY2b7BQSfkrOCNbl0eYd_T6pyp8M8nB2D-fweafa1XHjKVaP3Uip4FGVQ_NkliZ9ZHzsm-TNQewPSd-QDVV18x15UkmXSHyImX9FI3ptXuPVdcI_kmxwDy_A&pv=2

Scan trainer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.