» cool-torrent.net_ne.spat.2016.04.22.satrip-torrent.exe
Overview
Analysis
File Details
Downloads (1)

cool-torrent.net_ne.spat.2016.04.22.satrip-torrent.exe

Inar

The application cool-torrent.net_ne.spat.2016.04.22.satrip-torrent.exe by Inar has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from cool-films.z92527cf.bget.ru.

File name:

Publisher:

Inar (signed and verified)

MD5:

044d7539a3977fa332e14752ff26b79b

SHA-1:

2e7596c5c3c81564d020ba6558bb3a1cc42982ab

SHA-256:

ebc4709cf55d74c45bcbc67ea83fe16e695b8d4cdcc4c2f4b7d6285589004b22

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/6/2024 9:40:17 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.FileTour.Inar (M)

16.4.25.22

File size:

2.7 MB (2,795,488 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\cool-torrent.net_ne.spat.2016.04.22.satrip-torrent.exe

Digital Signature

Signed by:

Inar

Authority:

COMODO CA Limited

Valid from:

3/7/2016 2:00:00 AM

Valid to:

3/8/2017 1:59:59 AM

Subject:

CN=Inar, O=Inar, POBox=125430, STREET="Mitinskaya 28, 1", L=Moscow, S=Moscow, PostalCode=125430, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00AB4370BDD00A267992E2C4CE2CA93FB9

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:BAuYYzBD1ftg+dTU33cMTT6/jrQGurn7lvgIYL9WDkVX8w6MP:BnzffaaT43fujrBuWRLEDI6MP

Entry address:

0x7E3000

Entry point:

E9, 3F, 1B, 00, 00, 10, F3, EB, 02, 95, F1, FF, E0, EB, 01, BC, 68, F9, D7, 4F, 7D, 9C, 81, 44, 24, 04, 68, 75, 6E, 83, 9D, C3, 3F, 19, F3, EB, 03, CD, 1A, F5, 8D, 64, 24, 04, F2, EB, 01, E1, E9, 90, 03, 00, 00, 33, F2, EB, 02, 78, B8, FF, E0, EB, 01, 95, E9, 08, 1E, 00, 00, BD, EB, 03, 01, C4, C6, 64, 89, 21, EB, 02, 21, A4, 68, 8D, 6C, 47, 25, 9C, 81, 44, 24, 04, 9E, C6, 76, DB, 9D, C3, C5, 53, 70, EB, 01, EC, B8, FF, 8F, 9A, FF, EB, 02, 37, 47, E9, 4A, 02, 00, 00, CF, 6A, 32, F2, EB, 02, B9, 09, 8B, 54... 
[+]

Packer / compiler:

Xtreme-Protector v1.05

Code size:

2.6 MB (2,743,296 bytes)

The file cool-torrent.net_ne.spat.2016.04.22.satrip-torrent.exe has been seen being distributed by the following URL.

http://cool-films.z92527cf.bget.ru/get/a.php?url=http://cool-torrent.net/.../download.php?id=10253&name=cool-torrent.net_ne.spat.2016.04.22.satrip.torrent

Remove cool-torrent.net_ne.spat.2016.04.22.satrip-torrent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.