run_csgo.exe

The executable run_csgo.exe has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from rghost.ru and multiple other hosts. While running, it connects to the Internet address mc.yandex.ru on port 443.
Version:
1.0.0.0

MD5:
ba08ce8822608eec73402185676c3c00

SHA-1:
7c5dcf051874296d5cee2d30cf8894865085e513

SHA-256:
bf1ef4df4e7f59e708d767391830a63756b081986adb3f54cd8c6cb5cbd1d036

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
5/16/2024 4:43:11 AM UTC

Scan engine              Detection                    Engine version
Lavasoft Ad-Aware        Application.Generic.842450   805
Bitdefender              Application.Generic.842450   1.0.20.1625
Emsisoft Anti-Malware    Application.Htool.WKB        11.5.0.6191
Fortinet FortiGate       Riskware/BruteForce          11/21/2014
F-Secure                 Application.Generic.842450   11.2014-21-11_6
G Data                   Application.Generic.842450   14.11.24
MicroWorld eScan         Application.Generic.842450   15.0.0.975

File size:
5.5 MB (5,725,696 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\run_csgo.exe

File PE Metadata
Compilation timestamp:
10/11/2014 7:32:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:DspQVo54zYo+1+XoK8SHEn9FUQyHMKN8wnAgYq4YE8WCpchTM8UMckqAvCB7JcyU:Dspg+5ZM2K+wnAF9/mkfYQ2sX

Entry address:
0x397E1C

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 58, 8B, 78, 00, E8, 6F, 81, C7, FF, 8B, 1D, B4, 55, 7A, 00, 8B, 03, E8, 36, 04, E7, FF, 8B, 03, BA, AC, 7E, 79, 00, E8, 66, FE, E6, FF, 8B, 0D, C0, 59, 7A, 00, 8B, 03, 8B, 15, C4, FC, 77, 00, E8, 2F, 04, E7, FF, 8B, 0D, 78, 5A, 7A, 00, 8B, 03, 8B, 15, 38, A7, 61, 00, E8, 1C, 04, E7, FF, 8B, 0D, 8C, 54, 7A, 00, 8B, 03, 8B, 15, 08, D2, 76, 00, E8, 09, 04, E7, FF, 8B, 0D, 1C, 50, 7A, 00, 8B, 03, 8B, 15, F0, 7B, 62, 00, E8, F6, 03, E7, FF, 8B, 03, E8, 4B, 05, E7, FF, 5B, E8, C1...

Developed / compiled with:
Microsoft Visual C++

Code size:
3.6 MB (3,763,712 bytes)

The file run_csgo.exe has been seen being distributed by the following 2 URLs.

http://rghost.ru/download/57787113/.../Run_CSGO.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip149.ip-51-255-119.eu  (51.255.119.149:80)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (87.250.251.119:443)

TCP (HTTP):
Connects to server-52-84-33-115.ewr50.r.cloudfront.net  (52.84.33.115:80)

TCP (HTTP):
Connects to server-54-192-36-243.jfk1.r.cloudfront.net  (54.192.36.243:80)

TCP (HTTP):
Connects to server-52-85-133-98.iad53.r.cloudfront.net  (52.85.133.98:80)

TCP (HTTP):
Connects to server-52-84-33-48.ewr50.r.cloudfront.net  (52.84.33.48:80)

TCP (HTTP):
Connects to server-52-84-33-216.ewr50.r.cloudfront.net  (52.84.33.216:80)

TCP (HTTP):
Connects to server-52-84-33-199.ewr50.r.cloudfront.net  (52.84.33.199:80)

TCP (HTTP):
Connects to server-52-84-33-159.ewr50.r.cloudfront.net  (52.84.33.159:80)

TCP (HTTP):
Connects to ggc.xt-technetce-for1.tecnet.com.br  (131.161.109.16:80)

TCP (HTTP):
Connects to cache.google.com  (195.12.176.99:80)

TCP (HTTP):
Connects to a1plpkivs-v03.any.prod.ash1.secureserver.net  (72.167.239.239:80)

TCP (HTTP):
Connects to 187.g8-ggc-spo.google.com  (186.226.85.187:80)
