xzone_reactor_application_setup.exe

XZONE REACTOR Application

The executable xzone_reactor_application_setup.exe, "XZONE REACTOR Application Setup", has been detected as malware by 11 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from download2174.mediafire.com and multiple other hosts.
Product:
XZONE REACTOR Application

Description:
XZONE REACTOR Application Setup

MD5:
4b031d31f3215cdfc2f1c3117c6880e1

SHA-1:
7adc346d48d4244d835f6888b6bf90ef077ba1c4

SHA-256:
22de4d12b876f6de0ce6eaa45618f71db716edbb0db5d2dccfbd3518c8c5b335

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/23/2024 2:53:29 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Luhe.Fiha.B | 2015.0.3507 |
| Bkav FE | W32.Clodd1f.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 18022 |
| IKARUS anti.virus | Trojan.Win32.Menti | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.176.11595 |
| Kaspersky | Trojan.Win32.Menti | 14.0.0.4031 |
| McAfee | Artemis!4B031D31F321 | 5600.7163 |
| Norman | Suspicious_Gen4.CVPSL | 11.20140411 |
| Vba32 AntiVirus | Trojan.Menti | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27886 |
| ViRobot | Trojan.Win32.A.Menti.12661129 | 2011.4.7.4223 |

File size:
12.1 MB (12,661,129 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:TFLNhAnQ5Lo1R3FL+Ja1X7g/KzpGa6jymNCKsxi+COTUDi48VRYg5SVwOURhb:WF8I1X7gYx6jcQ+gp8zQnQb

Entry address:
0x9A58

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 6E, 96, FF, FF, E8, 75, A8, FF, FF, E8, A0, CA, FF, FF, E8, E7, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 0B, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, D4, A0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, AC, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 1F, 97, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8...
 

Entropy:
7.9958

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36.5 KB (37,376 bytes)

The file xzone_reactor_application_setup.exe has been seen being distributed by the following 2 URLs.
