home

worms_3d_by peti gamer.exe

The executable worms_3d_by peti gamer.exe has been detected as malware by 9 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download825.mediafire.com and multiple other hosts.
MD5:
8474b6eeb5a4d19e6b226f01510c8f8d

SHA-1:
19e2ef3f0956f29fac786629ddd831991a06b194

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
4/19/2024 3:03:44 PM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Packer.W32.Katusha
2.1.4+

F-Prot
W32/Downldr2.IWGY
v6.4.7.1.166

NANO AntiVirus
Trojan.Win32.ULPM.cuqjiw
0.28.2.62286

Norman
Suspicious_Gen2.BCJCJ
11.20141203

Panda Antivirus
Generic Trojan
14.12.03.06

Trend Micro House Call
TROJ_SPNR.04JO11
7.2.337

Trend Micro
TROJ_SPNR.04JO11
10.465.03

VIPRE Antivirus
Trojan.Win32.Generic
33490

Zillya! Antivirus
Downloader.Agent.Win32.120975
2.0.0.1936

File size:
81.7 MB (85,715,219 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\radio argentina\escritorio\worms_3d_by peti gamer.exe

File PE Metadata
Compilation timestamp:
8/16/2009 8:05:35 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1572864:rKiwDgmkVutVXdR8U+Ck8WCTAnn2PnT6AiRZx2t53g+Mhk8B/9XZ+FS15un/J:mLDg+tFn8U+Ck7T2PnT6AiROgpBBZ+Fh

Entry address:
0xA7D8

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 54, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, E2, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, C1, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 30, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 34, 22, 41, 00, 8D, 45, E4...
 
[+]

Code size:
66 KB (67,584 bytes)

The file worms_3d_by peti gamer.exe has been seen being distributed by the following 17 URLs.

http://download825.mediafire.com/mbaxlehagm1g/.../Worms_3D_BY_LucasMelor.exe

http://download825.mediafire.com/bd4l6q03s4hg/.../Worms_3D_BY_LucasMelor.exe

https://mega.nz/temporary/.../nMxyhAQL

http://download1785.mediafire.com/og7ss66s64lg/.../Worms_3D_BY_LucasMelor.exe

http://download1762.mediafire.com/4jc9qc0496fg/.../Worms_3D_BY_LucasMelor.exe

http://download2222.mediafire.com/ywklk2a27dng/.../Worms_3D_BY_LucasMelor.exe

http://download1050.mediafire.com/adad0g0loaeg/.../Worms_3D_BY_LucasMelor.exe

https://mega.nz/persistent/.../nMxyhAQL

http://download1785.mediafire.com/yww9ke19f0hg/.../Worms_3D_BY_LucasMelor.exe

http://download825.mediafire.com/qbqb161pjdhg/.../Worms_3D_BY_LucasMelor.exe

http://download1221.mediafire.com/x84lac4rdlog/.../Worms_3D_BY_LucasMelor.exe

http://download1985.mediafire.com/h570zu9z5k8g/.../Worms_3D_BY_LucasMelor.exe

http://download1771.mediafire.com/julp6g4l78ig/.../Worms_3D_BY_LucasMelor.exe

http://download1910.mediafire.com/94c81etuh2qg/.../Worms_3D_BY_LucasMelor.exe

http://download1771.mediafire.com/wakmadgm69yg/.../Worms_3D_BY_LucasMelor.exe

https://mega.nz/temporary/.../5l1zQAhR

https://mega.nz/persistent/.../5l1zQAhR

Remove worms_3d_by peti gamer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.