cool-torrent.net_posledniy.moskal.2016.s02e01-16.satrip-torrent.exe

SpecKomServis

The application cool-torrent.net_posledniy.moskal.2016.s02e01-16.satrip-torrent.exe by SpecKomServis has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from cool-films.z92527cf.bget.ru.
Publisher:
SpecKomServis  (signed and verified)

MD5:
7ca6e57267cecf965afffd67f1bf2438

SHA-1:
48c5e3924dc1d2d6d5bcb4079790a7fac59c6195

SHA-256:
49e0ea75441bace74e7c08b8861dad6fc9b62b68522ec0cfe6fa425428e6dbab

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 9:39:14 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.FileTour (M)

Engine version:
16.7.18.20

File size:
2.1 MB (2,234,832 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\cool-torrent.net_posledniy.moskal.2016.s02e01-16.satrip-torrent.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/7/2016 2:00:00 AM

Valid to:
3/8/2017 1:59:59 AM

Subject:
CN=SpecKomServis, O=SpecKomServis, STREET="ul. V/Ch 92926, 31, 18", L=d. Starye bateki, S=RU, PostalCode=214525, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
04639A5282897BF9A950EA0310EAC9D9

File PE Metadata
Compilation timestamp:
2/9/2014 5:13:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:wfbOeA3Xj0MYQceH0YMw7xFlJngQwrb1FM3D4LMcuj:wJ8TYQcwIylyQwrb1FMSMb

Entry address:
0x1006

Entry point:
E9, 96, 00, 00, 00, DB, 8B, F2, EB, 03, 94, 39, EF, FF, E2, F2, EB, 03, 44, E6, F9, 68, FA, D5, D8, 60, 9C, 81, 44, 24, 04, 40, 58, 67, 9F, 9D, C3, B8, 71, F2, EB, 02, C8, A9, 53, EB, 03, 0E, D8, E0, E9, 8F, 63, 00, 00, D9, EC, 0B, EB, 03, E8, 4A, A6, 64, FF, 35, 00, 00, 00, 00, F3, EB, 03, A1, 08, A2, 68, 98, 4E, 40, 00, 9C, FF, 44, 24, 04, 9D, C3, 2D, 22, 70, F2, EB, 01, EC, F2, EB, 03, D9, 18, 6A, F3, EB, 03, 73, 55, B9, 68, 0B, 48, 40, 00, 9C, FF, 44, 24, 04, 9D, C3, F7, A2, F3, EB, 02, 5D, 0F, 45, C7...
 

Packer / compiler:
Xtreme-Protector v1.05

Code size:
836.5 KB (856,576 bytes)

The file cool-torrent.net_posledniy.moskal.2016.s02e01-16.satrip-torrent.exe has been seen being distributed by the following URL.