bundle020916135813z.exe

Develop Invest, TOV

The executable bundle020916135813z.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from glue-tech.com.
Publisher:
Develop Invest, TOV  (signed and verified)

Version:
2.0.2.0

MD5:
f753272cb7cfe5d284e9f3194c6d014a

SHA-1:
8674656d4fd882612a031b2123ccee1967b5f22e

SHA-256:
fad6b28fce964cd7121ac3ca0c32c7bb05521bb6b35f4dc7e5b8b8f45f3de2c6

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/28/2024 4:39:15 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.12.22.18

File size:
3.6 MB (3,735,584 bytes)

Product version:
2.0.2.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\bundle020916135813z.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/18/2016 3:00:00 AM

Valid to:
5/11/2017 2:59:59 AM

Subject:
CN="Develop Invest, TOV", OU=IT, O="Develop Invest, TOV", STREET="vul. Svitlytskogo, 35", L=Kiev, S=Kiev, PostalCode=04080, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AE551D7D6A8095F78CD4E20AAF9225E1

File PE Metadata
Compilation timestamp:
1/18/2016 1:16:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x35F6BC

Entry point:
55, 8B, EC, B9, 08, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, B8, DC, 01, 75, 00, E8, EB, E7, CA, FF, 33, C0, 55, 68, 51, F8, 75, 00, 64, FF, 30, 64, 89, 20, 8B, 0D, 84, B8, 76, 00, A1, 3C, BF, 76, 00, 8B, 00, 8B, 15, BC, 9D, 73, 00, E8, 45, B7, E4, FF, 8D, 55, EC, B8, 01, 00, 00, 00, E8, 40, 76, CA, FF, 83, 7D, EC, 00, 74, 72, 8D, 55, E0, B8, 01, 00, 00, 00, E8, 2D, 76, CA, FF, 8B, 45, E0, 8D, 4D, E4, BA, 05, 00, 00, 00, E8, 81, 9E, CD, FF, 8B, 45, E4, 8D, 55, E8, E8, 7E, 12, CC, FF, 8B, 45, E8, BA, 6C, F8...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
3.4 MB (3,530,752 bytes)

The file bundle020916135813z.exe has been seen being distributed by the following URL.

http://glue-tech.com/files/bundles/.../84e11.exe

Remove bundle020916135813z.exe - Powered by Reason Core Security