cometbird_11.0_es-es_setup.exe

CometBird

Shanghai Comet Network Technology

This is a setup and installation application. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
CometNetwork  (signed by Shanghai Comet Network Technology)

Product:
CometBird

Version:
4.42

MD5:
104aa68a49beff9de9cd7d9000fa3522

SHA-1:
3d58049d7055a3056f7b7aea20ba968ac68c59ce

SHA-256:
92939396ea648970c46f18acde7b74dc9a3435b668a82b1561e5900adbe54899

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/26/2024 11:50:21 AM UTC

Scan engine:
ViRobot

Detection:
Trojan.Win32.Downloader.45056.QG

Engine version:
2011.4.7.4223

File size:
15.4 MB (16,188,264 bytes)

Product version:
4.42

Copyright:
CometNetwork

Original file name:
7zS.sfx.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\cometbird_11.0_es-es_setup.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
12/1/2009 1:00:00 AM

Valid to:
12/1/2012 12:59:59 AM

Subject:
CN=Shanghai Comet Network Technology, O=Shanghai Comet Network Technology, STREET="4 Floor, No. 1118 Yu Yuan Road", L=Shanghai, S=Shanghai, PostalCode=200050, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
2E5CC2392A49C3023413CCAEA54D9CDB

File PE Metadata
Compilation timestamp:
8/16/2006 12:27:50 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:PtT7zQXasZJ7so0ai59h6qiQrXpl8a3ern6QORR3T:PtT9sZJ7sDlEUXf8QeWQ+3T

Entry address:
0x21D00

Entry point:
60, BE, 00, 80, 41, 00, 8D, BE, 00, 90, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 
Packer / compiler:
UPX 2.90LZMA

Code size:
40 KB (40,960 bytes)

The file cometbird_11.0_es-es_setup.exe has been seen being distributed by the following 5 URLs.

http://dw.uptodown.com/dwn/ccAGCh8R_er4RmUVcRju-iMN7pK7fflSDAG-VFfplUpUvo2aAerZU_IkYlznFr3yz3XkrTUYctr36-6IElBbQYWYylZivDKt8S88rj6LxqQlUoznsUOxmcm-_Le29DTp/itOgZy1Lzdio95ZU8wtoit-QYIShjPpIPLhSxIo3MSiYIqOglSuGW7Dg9i1JwpOGM-COcUnjFyRBsR5rWtCYfaOuv-HK4B_h_8GL4S11Xoljio-Q6kEHlMZleHNZGjan/f5JHnBOvmLUon2kqnob6yZ7iFKh9QrAcS7My8QAnc78cn9NS27CrJ2nUzpeJHO37SVmytd702OBtPq0ygLn7SqkvXMqto9rtVmeATUYxJLToeA3atcRz_z922ti4HsFL/.../

https://dw.uptodown.com/dwn/ox34H3qFoGpvxELoGfKUSyIYPFPtpS3EMFOpkrOru_sVoX_NVxvyF4H_81zoj0Z2mAphNbvOOPIeeBG8c1Jw36Xx8pTWZ0T6rtP7TBmbNi-T9NkdlVLcwV-hkxPSKEN2/ztPZGWJZ7aUvAJ64EoAvYIS1USuuhaYE9KazeLIeU9VWmZLlne40qoMuVHbpM8wDuaR1qJM16U5ZxeQKINlrNT4NyqpphlhOW9-1sGHXVVJ_9GTp2nlhrv-dZTlLV8pV/2M6WRxqaESZsjpNVPOkyYWQKDF3p8tfzryNyygz24HgfRm8yo8EMTmy_Xy0-fzmsT6BGdGqcY2ex-8yiH1MKAqUGMkhUiWLm06WhMEsaUwXJe31-WjCAKK6uaFEqSIwR/.../

http://dw.uptodown.com/dwn/huXrBsjClDkOk1zzC1-1sf2fMxlHgC5mTMnuKEZ7tMMh9FU0DnIkVBYnIt8DfTB6gnPThHSFm_bmy07ea7-156geV4-k3GoBNvhtm6YvusUNAXzc6E8SoBDSl8hThBne/py5GslRBaST4UEWhvk2CGpSujjWtBaNPcMyFWskq2q-9NfL6XrduVuTrsMtK4itjHFlo1evO2_XmmHGaChEr7D-8l6scA-7uGAH1mYuU1646J0kmmrozQPVO6ck3ikaP/fbVuUvuji3ti9RnaU_A0zXu9I5k0tZsKeziu2Cb-_XmUcrQb7Q1UsvedTUSIyiYXPitmYYOQu-mshj9-LiJqwPVcl6KdEHwNrRJRMv03LwBI6Ydvc3SuMjVNYFTX6sBT/.../

Scan cometbird_11.0_es-es_setup.exe - Powered by Reason Core Security