cool-torrent.net_ride.along.2.2016.hdrip-torrent.exe

Inar

The application cool-torrent.net_ride.along.2.2016.hdrip-torrent.exe by Inar has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from cool-films.z92527cf.bget.ru.
Publisher:
Inar (signed and verified)

MD5:
553254b67c1c7eb02de78289f5a1c5a2

SHA-1:
2d0bda6aaf1d867a3589a8fc6fca8642c175f18d

SHA-256:
0e7f982d0d1fdea509c3a78b427a2c6c640d632618a655c98b5ec512994952a2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:38:49 PM UTC

Scan engine          Detection                Engine version
Reason Heuristics    PUP.FileTour.Inar (M)    16.4.25.15

File size:
2.2 MB (2,263,520 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\cool-torrent.net_ride.along.2.2016.hdrip-torrent.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/7/2016 11:00:00 AM

Valid to:
3/8/2017 10:59:59 AM

Subject:
CN=Inar, O=Inar, POBox=125430, STREET="Mitinskaya 28, 1", L=Moscow, S=Moscow, PostalCode=125430, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AB4370BDD00A267992E2C4CE2CA93FB9

File PE Metadata
Compilation timestamp:
5/14/1992 5:21:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
49152:681L66P1duDEo0UdX+VDuF97hk0l/ZNg9FedDY99:f+2DA9m0RiFf99

Entry address:
0x6E500B

Entry point:
E9, 0C, 04, 00, 00, 4D, F6, EB, 01, D4, 68, 72, 73, FC, B0, EB, 02, 53, 0B, E9, B7, 0B, 00, 00, 6B, F3, EB, 01, 82, C7, 40, 04, 64, 6C, 6C, 20, EB, 01, D6, 68, 0D, 7C, AE, 00, 9C, FF, 4C, 24, 04, 9D, C3, 81, F2, EB, 03, 24, CE, 5E, 51, EB, 01, AA, 68, E9, 8C, E2, 32, 9C, 81, 6C, 24, 04, 2E, 1C, 34, 32, 9D, C3, 36, F9, E2, F3, EB, 03, 76, A9, 8D, 05, CC, EC, BC, FF, EB, 02, 31, 92, E9, 33, 0A, 00, 00, 53, F3, EB, 01, CF, 89, 48, 08, EB, 02, 30, CB, EB, A6, 14, 0D, F3, EB, 03, EF, CD, 27, EB, 01, B6, 68, CA...

Packer / compiler:
Xtreme-Protector v1.05

Code size:
2.1 MB (2,212,864 bytes)

The file cool-torrent.net_ride.along.2.2016.hdrip-torrent.exe has been seen being distributed by the following URL.