3b0b578d-61fc-8f99-12d2-73bfd9549081_1d1d3dee5a4fd98

INTIS

The file 3b0b578d-61fc-8f99-12d2-73bfd9549081_1d1d3dee5a4fd98 by INTIS has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from s52e.storage.yandex.net.
Publisher:
INTIS (signed and verified)

MD5:
7f6276fdf981f96623b9865638b2e22a

SHA-1:
a01c458f0577fa490037af3dfdcc11abf8a56f98

SHA-256:
01d1cd90c679c77e69380216004bb3233ea13bb5545c104721d9e41462555975

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 7:11:11 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.FileTour.INTIS (M)

Engine version:
16.7.1.13

File size:
2.8 MB (2,985,416 bytes)

Common path:
C:\ProgramData\microsoft\microsoft antimalware\scans\filesstash\3b0b578d-61fc-8f99-12d2-73bfd9549081_1d1d3dee5a4fd98

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/16/2016 3:00:00 AM

Valid to:
4/17/2017 2:59:59 AM

Subject:
CN=INTIS, O=INTIS, STREET="Prospekt 40-letija Pobedy, 69, 1, 8", L=Rostov-Na-Donu, S=RU, PostalCode=344072, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E0D42565A341BEBE1BAFBF6CA79F6420

File PE Metadata
Compilation timestamp:
1/19/2019 12:48:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:0Xoq7CaCn/AZ6B+ujeVSdepKoWWrn+mZoNyUnK7EOdB1nYSKjNSjr3R:aHfCnY6QujEScp3rn9ZoN2Zzjrh

Entry address:
0x6EC000

Entry point:
68, A4, D1, AE, 00, C3, 31, 05, EF, D4, B2, FF, 68, 3A, 25, 2F, BE, 9C, 81, 44, 24, 04, A8, A1, 7F, 42, 9D, C3, 29, 64, 89, 20, 68, 38, C7, AE, 00, 9C, FF, 44, 24, 04, 9D, C3, 7A, A2, CD, FF, E2, 68, 09, CA, AE, 00, 9C, FF, 44, 24, 04, 9D, C3, CE, EA, BF, E9, BD, 08, 00, 00, 11, 64, 8F, 05, 00, 00, 00, 00, 68, 5C, 1C, 11, 23, 9C, 81, 6C, 24, 04, E8, 51, 62, 22, 9D, C3, 47, 13, 68, 30, DA, AE, 00, C3, 6A, 2D, FA, AB, CB, FF, 68, 01, E7, 7C, F9, 9C, 81, 44, 24, 04, B4, E1, 31, 07, 9D, C3, 5C, FD, 81, 2C, 24...

Code size:
2 MB (2,054,144 bytes)

The file 3b0b578d-61fc-8f99-12d2-73bfd9549081_1d1d3dee5a4fd98 has been seen being distributed by the following URL.