cities_skylines_-_deluxe_edition_by_xatab-2873-torrent.exe

Amulet

The application cities_skylines_-_deluxe_edition_by_xatab-2873-torrent.exe by Amulet has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from downloader.disk.yandex.ru.
Publisher:
Amulet  (signed and verified)

MD5:
7365ecbd0331c0c000b308780555f09f

SHA-1:
c6674f3ed81f4c1fe816a565ccf6ff963994df84

SHA-256:
2f0f4d51c8422c6cce936ac50976339b737fb2402548dff4af60ff6307dc6e85

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 11:57:12 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.FileTour (M) | 16.8.10.17

File size:
2.9 MB (3,071,984 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\cities_skylines_-_deluxe_edition_by_xatab-2873-torrent.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/18/2015 4:00:00 AM

Valid to:
12/18/2016 3:59:59 AM

Subject:
CN=Amulet, O=Amulet, POBox=127015, STREET="Vyatskaya, 70, pom.1", L=Moscow, S=Moscow state, PostalCode=127015, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B48E86D275ECE7BFC0A62B206428EDAC

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:TlKDltK9CqghBWGlbaWIl3ybzoCYs83WwtBsLl4DoHe4sB/DFvqLpC/7:hKvtqg78WIQIFLul4DOjsB/DFyO7

Entry address:
0x75C7FE

Entry point:
E8, C1, FF, FF, FF, E8, BC, FF, FF, FF, E8, B7, FF, FF, FF, E8, B2, FF, FF, FF, E8, AD, FF, FF, FF, E8, A8, FF, FF, FF, E8, A3, FF, FF, FF, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, FC, 33, D2, 64, 8B, 52, 30, 8B, 52, 0C, 8B, 52, 14, 8B, 72, 28, 6A, 18, 59, 33, FF, 33, C0, AC, 3C, 61, 7C, 02, 2C, 20, C1, CF, 0D, 03, F8, E2, F0, 81, FF, 5B, BC, 4A, 6A, 8B, 5A, 10, 8B, 12, 75, DB, C3, 55, 8B, EC, 56, 57, 53, 8B, 75, 08, 66, 81, 3E, 4D, 5A, 75, 61...
 
Packer / compiler:
Stranik 1.3 Modula/C/Pascal

Code size:
2.5 MB (2,608,128 bytes)

The file cities_skylines_-_deluxe_edition_by_xatab-2873-torrent.exe has been seen being distributed by the following URL.