» crafting-story-torrentom.exe
Overview
Analysis
File Details

crafting-story-torrentom.exe

Операционная система Microsoft Windows

Develop Invest, TOV

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable crafting-story-torrentom.exe, “Исполняемый файл для игры "Червы"” has been detected as malware by 1 anti-virus scanner.

File name:

Publisher:

Microsoft Corporation (signed by Develop Invest, TOV)

Product:

Операционная система Microsoft® Windows®

Description:

Исполняемый файл для игры "Червы"

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

MD5:

5f6068feba8d2b033efb6697c2399304

SHA-1:

2ad337912cece042f038dcd40059bd8826840f53

SHA-256:

8c93b7005cf7d7206c9a2fbf50e40007d8db797450bdce136dc43a2431357ecb

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/24/2024 4:10:44 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

17.2.23.13

File size:

3.2 MB (3,333,640 bytes)

Product version:

6.1.7600.16385

Original file name:

hearts.exe.mui

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\crafting-story-torrentom.exe

Digital Signature

Signed by:

Develop Invest, TOV

Authority:

COMODO CA Limited

Valid from:

5/10/2016 3:00:00 AM

Valid to:

5/11/2017 2:59:59 AM

Subject:

CN="Develop Invest, TOV", OU=IT, O="Develop Invest, TOV", STREET="vul. Svitlytskogo, 35", L=Kiev, S=Kiev, PostalCode=04080, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00A92AE1C6A35F5607D7A0245CBC2565BF

File PE Metadata

Compilation timestamp:

11/28/2009 8:04:49 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x37786

Entry point:

E8, 69, 11, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E0, 64, 44, 00, E8, 04, 17, 00, 00, E8, 3A, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, FC, 10, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, BB, 08, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

258 KB (264,192 bytes)

Remove crafting-story-torrentom.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.