arabic_conquer_v1539.exe

Publisher:
www.BitComet.com

Product:
BitCometLite

Version:
1.9

MD5:
8b7bd8464e404ce44d12cdebabff5462

SHA-1:
5050ea5e00bcf6bb78d80c0318289866dfdb2121

SHA-256:
1ddd429d2599f606b038a30cf7a1f5341eea797da31ae1e2d090b5dc09cb7253

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
12/26/2024 4:40:42 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Trojan.DownLoader9.60811 | 9.0.1.0295
McAfee | Artemis!8B7BD8464E40 | 5600.6970
Trend Micro House Call | Suspicious_GEN.F47V0716 | 7.2.295

File size:
4.7 MB (4,958,720 bytes)

Product version:
1.28

Copyright:
Copyright(C) 2003-2009 All Rights Reserved.

Original file name:
BitCometLite.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\arabic_conquer_v1539.exe

File PE Metadata
Compilation timestamp:
5/26/2011 7:56:49 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:HDHZC4mTh4lw9vzSywti+JGv2BZSPyJD6ZXKwi1jDQXO0qgaaDAAnyuDbUm:Jw9zSFbBZSPyF6VKrgpnywbR

Entry address:
0x230610

Entry point:
E8, DB, F3, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 0C, 75, 1D, E8, 82, 50, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, FD, DD, FF, FF, 83, C4, 14, 83, C8, FF, EB, 4D, 8B, 45, 08, 3B, C3, 74, DC, 56, 89, 45, E8, 89, 45, E0, 8D, 45, 10, 50, 53, FF, 75, 0C, 8D, 45, E0, 50, C7, 45, E4, FF, FF, FF, 7F, C7, 45, EC, 42, 00, 00, 00, E8, 76, F5, 00, 00, 83, C4, 10, FF, 4D, E4, 8B, F0, 78, 07, 8B, 45, E0, 88, 18, EB, 0C, 8D, 45, E0, 50, 53, E8, F7, F3, 00, 00, 59...
 

Entropy:
6.6194

Code size:
3.4 MB (3,540,992 bytes)

The file arabic_conquer_v1539.exe has been seen being distributed by the following 2 URLs.

http://qahr-cdn.download.99.com/torrent/.../Arabic_Conquer_v1539.exe

ftp://92.52.125.222/torrent/.../Arabic_Conquer_v1539.exe

The executing file has been seen to make the following network communications in live environments.
