home

game37679-2267-torrent.exe

InstallShield

INTIS

The application game37679-2267-torrent.exe by INTIS has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallShield Setup installer. The file has been seen being downloaded from s111f.storage.yandex.net.
Publisher:
Macrovision Corporation  (signed by INTIS)

Product:
InstallShield

Version:
12.0.49974

MD5:
0d3f4eb2446fefdd18215ba1bb3ba0de

SHA-1:
ba809495df1d2dade01bcfdfe7c7974b6bd08bd1

SHA-256:
2873fca72c828a8e20d04d490581b815e2d9277e8a225d918c4ea07ca1a7f191

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:38:16 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.FileTour (M)
16.7.27.6

File size:
2.7 MB (2,779,592 bytes)

Product version:
12.0

Copyright:
Copyright (C) 2006 Macrovision Corporation

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Installer:
InstallShield Setup

Common path:
C:\users\{user}\downloads\game37679-2267-torrent.exe

Digital Signature
Signed by:
INTIS

Authority:
COMODO CA Limited

Valid from:
4/16/2016 4:00:00 AM

Valid to:
4/17/2017 3:59:59 AM

Subject:
CN=INTIS, O=INTIS, STREET="Prospekt 40-letija Pobedy, 69, 1, 8", L=Rostov-Na-Donu, S=RU, PostalCode=344072, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E0D42565A341BEBE1BAFBF6CA79F6420

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:olKDltK9CqghBWGlbaWIl3ybzoCYs83WwtBsLl4DoHe4sB/DFvqX:aKvtqg78WIQIFLul4DOjsB/DFyX

Entry address:
0x76B13B

Entry point:
54, 6A, 40, 68, 00, A0, 00, 00, 68, 00, A0, B6, 00, 6A, FF, B8, 0E, 31, B5, 00, 40, 68, 57, B1, B6, 00, FF, 20, 0F, 84, A3, EE, FF, FF, 0F, 85, 9D, EE, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
2.5 MB (2,608,128 bytes)

The file game37679-2267-torrent.exe has been seen being distributed by the following URL.

https://s111f.storage.yandex.net/rdisk/11e84337b386d160974ea118fae995bfebdd08d09487419ea1498d93e1f807b3/57839d0d/GWSGeT_mZEOv4VVx61K3_kMH7gySd8DZ5-Rj5yO-MCxGv28Toth8PRaYSXy0bQkyQXR_WMiawOjbesiidQaoiQ==?uid=358720970&filename=game37679-2267-torrent.exe&disposition=attachment&hash=&limit=0&content_type=application/x-msdownload&fsize=2779592&hid=d83f83de0393d23c5d7dd6e04a9ccae5&media_type=executable&tknv=v2&etag=0d3f4eb2446fefdd18215ba1bb3ba0de&rtoken=R5Y1KFr1d6Hs&force_default=yes&ycrid=na-d05bc8dd811cc81c7e8e24c43b5c6f06-downloader6d&ts=5375c03279d40&s=6fdaf5161eaa0975752243dc2989ac34b047677de3c60a8157390aa5aeb7868e&bp=/2/.../data-0.18:40244851225:2779592

Remove game37679-2267-torrent.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.