15235__tv-torrent.org-id1-torrent.exe

SpecKomServis

The application 15235__tv-torrent.org-id1-torrent.exe by SpecKomServis has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from s111f.storage.yandex.net.
Publisher:
SpecKomServis  (signed and verified)

MD5:
a1d4f7e26c9b722a0d712705c4ad98a3

SHA-1:
da9b05dec06b04334b569fb7b6e7117fc1657877

SHA-256:
f3a5e95bfdff302b14be780198b9443b16efcd02871e01d8d11866bfe5788df7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/30/2024 10:58:26 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.FileTour | 16.3.28.9

File size:
2 MB (2,098,368 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/7/2016 2:00:00 AM

Valid to:
3/8/2017 1:59:59 AM

Subject:
CN=SpecKomServis, O=SpecKomServis, STREET="ul. V/Ch 92926, 31, 18", L=d. Starye bateki, S=RU, PostalCode=214525, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
04639A5282897BF9A950EA0310EAC9D9

File PE Metadata
Compilation timestamp:
12/25/2011 11:18:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:OAQRjA1Jzew97pb4MnJrUDUnZfYCo/coMmagVZzN64wS:JIA1QSp5JnwCo/JZ5wS

Entry address:
0x61F783

Entry point:
4D, 5A, 50, 00, 02, 00, 00, 00, 04, 00, 0F, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 1A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 50, 45, 00, 00, 4C, 01, 09, 00, 4C, EA, F6, 4E, 00, 00, 00, 00, 00, 00, 00, 00, E0, 00, 87, 81, 0B, 01, 07, 0A, 00, 88, 1F, 00, 00, 56, 00, 00, 00, 00, 00, 00, 83, F7, 61, 00, 00, 10, 00, 00, 00, 00, 0C, 00, 00, 00, 40, 00, 00, 10, 00, 00, 00, 02, 00, 00...
 

Code size:
2 MB (2,066,432 bytes)

The file 15235__tv-torrent.org-id1-torrent.exe has been seen being distributed by the following URL.
