» gadanie pri svechah tfile me torrent.exe
Overview
Analysis
File Details
Downloads (1)

gadanie pri svechah tfile me torrent.exe

2007 Microsoft Office system

PORT PROM

The executable gadanie pri svechah tfile me torrent.exe, “2007 Microsoft Office component” has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from herotremble.ru.

File name:

Publisher:

M icrosoft Corporation (signed by PORT PROM)

Product:

2007 Microsoft Office system

Description:

2007 Microsoft Office component

Version:

12.0.6606.1000

MD5:

0cc7dac2e2206b73666d13c29e2d674e

SHA-1:

d5374601b99e0e0c950fa8d47585d96351f97d29

SHA-256:

190a43962259afa7744922400255a74e7fcccf9635de802462b9472e872edf03

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/6/2024 7:45:38 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

17.3.5.6

File size:

805.5 KB (824,848 bytes)

Product version:

12.0.6606.1000

Original file name:

SetLang.Exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\gadanie pri svechah tfile me torrent.exe

Digital Signature

Signed by:

PORT PROM

Authority:

COMODO CA Limited

Valid from:

7/7/2016 3:00:00 AM

Valid to:

7/8/2017 2:59:59 AM

Subject:

CN=PORT PROM, O=PORT PROM, STREET="d. 33 str. 1, ul.1-Ya Brestskaya", L=Moscow, S=Moscow, PostalCode=125047, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00ED626D75C5323A188C6E74611FD410E9

File PE Metadata

Compilation timestamp:

7/23/2016 10:47:06 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x1010

Entry point:

55, 8B, EC, 81, EC, 94, 02, 00, 00, 53, 56, 57, C6, 85, 6F, FF, FF, FF, D6, 8D, 09, 68, 2D, 10, 40, 00, C3, CD, 7F, 8B, 85, CC, FE, FF, FF, C1, E8, D7, 89, 85, D4, FE, FF, FF, 8B, 95, CC, FE, FF, FF, 8B, 8D, D8, FE, FF, FF, D3, E2, 89, 95, D4, FE, FF, FF, 68, 84, 10, 49, 00, FF, 15, E4, C1, 48, 00, 8B, 85, D8, FE, FF, FF, 8B, 8D, D4, FE, FF, FF, D3, E8, 89, 85, D8, FE, FF, FF, 8B, 8D, DC, FE, FF, FF, C1, E9, 43, 89, 8D, D0, FE, FF, FF, 68, 88, 10, 49, 00, FF, 15, E8, C1, 48, 00, 8B, 95, D0, FE, FF, FF, 81... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

554.5 KB (567,808 bytes)

The file gadanie pri svechah tfile me torrent.exe has been seen being distributed by the following URL.

http://herotremble.ru/.../522378-masd

Remove gadanie pri svechah tfile me torrent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.