copy of play.exe

R.A.S.Group

The executable copy of play.exe, “ripped by renchongyi”, has been detected as malware by 6 anti-virus scanners.
Publisher:
R.A.S.Group

Description:
ripped by renchongyi

Version:
. . .

MD5:
f47d7f1a1f14bed7a0ea73b14c0c0567

SHA-1:
0676eb718d6ab3e1a60e5224e6c7ec083e81523b

SHA-256:
a822e1936545a571eb3ff3bf4bcc5529cde5038396543bfca4f8773124310315

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
4/28/2024 6:38:55 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Trojan-gen {Delphi} | 2014.9-170311 |
| Clam AntiVirus | Trojan.Fakedoc-2 | 0.98/18155 |
| IKARUS anti.virus | Virus.Win32.Trojan | 17.03.11 |
| Panda Antivirus | Suspicious file | 17.03.11.09 |
| Prevx | BACKDOOR.ZAPCHAST.D | 3.0.3 |
| Rising Antivirus | Trojan.DL.Win32.Agent.wys | 23.00.65.17309 |

File size:
147.1 KB (150,678 bytes)

Product version:
0.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x190E0

Entry point:
55, 8B, EC, B9, 2B, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, B8, 08, 90, 41, 00, E8, 61, CE, FE, FF, 33, C0, 55, 68, 98, 97, 41, 00, 64, FF, 30, 64, 89, 20, A1, 5C, B4, 41, 00, 33, D2, 89, 10, 8D, 45, E8, E8, AA, FB, FF, FF, 8B, 55, E8, B8, E0, E8, 41, 00, E8, 69, B1, FE, FF, 8D, 55, E4, A1, E0, E8, 41, 00, E8, 0C, FB, FF, FF, 8B, 55, E4, B8, E0, E8, 41, 00, E8, 4F, B1, FE, FF, B8, F0, E8, 41, 00, BA, 00, 01, 00, 00, E8, DC, B6, FE, FF, 68, 00, 01, 00, 00, A1, F0, E8, 41, 00, E8, 9D, B5, FE, FF, 50...
 

Entropy:
5.9619

Developed / compiled with:
Microsoft Visual C++

Code size:
98.5 KB (100,864 bytes)
