3d_instruktor_novoe_leto_2015.exe-torrent.exe

CAPITAL SOFTWARE CONSULTANCY LTD

The application 3d_instruktor_novoe_leto_2015.exe-torrent.exe by CAPITAL SOFTWARE CONSULTANCY has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program used to install the application. The file has been observed being downloaded from s36f.storage.yandex.net.

Publisher:
CAPITAL SOFTWARE CONSULTANCY LTD  (signed and verified)

MD5:
3944773abbfe6547498e93ffa82ebd8b

SHA-1:
ed6a21825a928129eddcebf0ae40bde71ce6f742

SHA-256:
46eef647b58a524aa6ff8b229cfbba9ace2950ad213796854089d350d70b8137

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
2/25/2025 3:02:22 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.CAPITALSOFTWARECONSULTANCY (M)

Engine version:
16.2.24.16

File size:
2 MB (2,064,584 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\3d_instruktor_novoe_leto_2015.exe-torrent.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/10/2015 4:00:00 AM

Valid to:
11/10/2016 3:59:59 AM

Subject:
CN=CAPITAL SOFTWARE CONSULTANCY LTD, O=CAPITAL SOFTWARE CONSULTANCY LTD, POBox=CF23 8SL, STREET=58 Cranbourne Way Pontprennau, L=Cardiff, S=South Glamorgan, PostalCode=CF23 8SL, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4125F00DB7D3D769AA161DDC92CC0CB3

File PE Metadata
Compilation timestamp:
2/6/2016 4:17:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:ifRtzHKXZYfL9QzxC54wrqgzP/nMV5EIPshpBG+Sc+AV+Z4wQfwEGuddhuCSdgV7:GRJKGktVYo5AVwQj/5G4OQb

Entry address:
0x103810

Entry point:
55, 8B, EC, 83, C4, F0, B8, B8, 32, 50, 00, E8, 08, 36, F0, FF, A1, 80, 85, 50, 00, 8B, 00, E8, 54, 5F, F5, FF, A1, 80, 85, 50, 00, 8B, 00, 33, D2, E8, 6A, 5B, F5, FF, 8B, 0D, 08, 80, 50, 00, A1, 80, 85, 50, 00, 8B, 00, 8B, 15, F4, C1, 4F, 00, E8, 46, 5F, F5, FF, 8B, 0D, B8, 84, 50, 00, A1, 80, 85, 50, 00, 8B, 00, 8B, 15, 78, BE, 4F, 00, E8, 2E, 5F, F5, FF, A1, 80, 85, 50, 00, 8B, 00, E8, A2, 5F, F5, FF, E9, BC, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
1 MB (1,059,328 bytes)

The file 3d_instruktor_novoe_leto_2015.exe-torrent.exe has been seen being distributed by the following URL.