grand_theft_auto_v_by_xatab-2484-torrent.exe

Dr.Web

INTIS

The application grand_theft_auto_v_by_xatab-2484-torrent.exe, “Install Hepler 1.4.0.1” by INTIS has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from downloader.disk.yandex.ru.
Publisher:
Doctor Web, Ltd. (signed by INTIS)

Product:
Dr.Web (R)

Description:
Install Hepler 1.4.0.1

Version:
6.00.2.03250

MD5:
fdd1011a4f5ffa6dce36381b0d5f7c61

SHA-1:
13e9bef5ff4ea34118647d4032aac947e5d5f4bf

SHA-256:
0c4f1af7e335c01d9063bc286b6fce0ac42816ae7fe9e7becff06a4537f1bb6e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 11:23:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.FileTour (M)

Engine version:
17.3.12.6

File size:
2.6 MB (2,674,120 bytes)

Product version:
6.00.2.03250

Copyright:
(c) Doctor Web, Ltd, 1992-2010

Original file name:
drwreg.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\grand_theft_auto_v_by_xatab-2484-torrent.exe

Digital Signature
Signed by:
INTIS

Authority:
COMODO CA Limited

Valid from:
4/16/2016 5:00:00 AM

Valid to:
4/17/2017 4:59:59 AM

Subject:
CN=INTIS, O=INTIS, STREET="Prospekt 40-letija Pobedy, 69, 1, 8", L=Rostov-Na-Donu, S=RU, PostalCode=344072, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E0D42565A341BEBE1BAFBF6CA79F6420

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

Entry address:
0x20DD96

Entry point:
BB, 00, A0, 60, 00, 81, C3, 00, 20, 00, 00, FF, E3, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, FC, 33, D2, 64, 8B, 52, 30, 8B, 52, 0C, 8B, 52, 14, 8B, 72, 28, 6A, 18, 59, 33, FF, 33, C0, AC, 3C, 61, 7C, 02, 2C, 20, C1, CF, 0D, 03, F8, E2, F0, 81, FF, 5B, BC, 4A, 6A, 8B, 5A, 10, 8B, 12, 75, DB, C3, 55, 8B, EC, 56, 57, 53, 8B, 75, 08, 66, 81, 3E, 4D, 5A, 75, 61, 03, 76, 3C, 66, 81, 3E, 50, 45, 75, 57, 8B, 7D, 0C, B9, FF, FF, FF, FF, 33, C0, F2, AE, B8, FE, FF, FF, FF, 2B, C1, 8B, C8, 8B, 56, 78, 03, 55, 08, 8B...

Code size:
2.5 MB (2,593,280 bytes)

The file grand_theft_auto_v_by_xatab-2484-torrent.exe has been seen being distributed from the following URL.

https://downloader.disk.yandex.ru/disk/20b5dce8988a70428f5d5f2c70ea8d79c8243769e2c55aeed4626c49752ef17a/577a8445/.../x-msdownload&fsize=2674120&hid=f7d393eb0b5306236a105f5c7a841cd7&media_type=executable&tknv=v2&etag=fdd1011a4f5ffa6dce36381b0d5f7c61

Remove grand_theft_auto_v_by_xatab-2484-torrent.exe - Powered by Reason Core Security