GTA-Turk.exe

CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti

The application GTA-Turk.exe by CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Sti has been detected as adware by 3 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.tamindir.com and multiple other hosts. While running, it connects to the Internet address 032-083-143-095.as39912.net on port 80 using the HTTP protocol.
Version:
1, 1, 0, 0

MD5:
addb430d29d72be1e42607d720061836

SHA-1:
5e3b0515ebef4dea1f7a4bfe72002599b6a01a11

SHA-256:
77eb290a8cec03d655d28425ad977500490cad5436e7fb2e86fc7c533262145a

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/2/2024 5:20:07 PM UTC

Scan engine            | Detection                                       | Engine version
Malwarebytes           | PUP.Optional.Bundler                            | v2014.04.11.08
Reason Heuristics      | PUP.CNTBilisimTeknolojisipazrekturltlhTicSti.I  | 14.8.8.0
Trend Micro House Call | TROJ_GEN.F47V0219                               | 7.2.101

File size:
537.3 KB (550,160 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\gta-turk.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/5/2014 7:00:00 PM

Valid to:
2/5/2017 6:59:59 PM

Subject:
CN=CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti, O=CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti, STREET=273/1 Sk. Mansuroglu Mah. Narlibahce Sit. No:6 B1 Blok Daire:2, L=Izmir, S=Izmir, PostalCode=35030, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD38E0D9B8EC881E28CC1693FCA30FC5

File PE Metadata
Compilation timestamp:
1/29/2012 4:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:s6Wq4aaE6KwyF5L0Y2D1PqLnc8x2HcezkMkBgJcRaWq:qthEVaPqLnc22Hbzk7BgJccN

Entry address:
0xB2E80

Entry point:
60, BE, 00, 10, 47, 00, 8D, BE, 00, 00, F9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.9712

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
268 KB (274,432 bytes)

The file GTA-Turk.exe has been seen being distributed by the following 3 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 202-35.vargonen.net  (178.18.202.35:80)

TCP (HTTP):
Connects to 032-083-143-095.as39912.net  (95.143.83.32:80)
