home

inside 2016.exe

SCSI Pass Through Direct

Idea Grant

The executable inside 2016.exe, “SCSI Pass Through Direct setup” has been detected as malware by 1 anti-virus scanner. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from to11.ru.
Publisher:
Duplex Secure Ltd.  (signed by Idea Grant)

Product:
SCSI Pass Through Direct

Description:
SCSI Pass Through Direct setup

Version:
1.81.0.0 built by: WinDDK

MD5:
5d7faa45cb980112891e5c0baf18823b

SHA-1:
68c52906bc0ba86708d151317154d252a1361f3c

SHA-256:
7e220d6c6d13343d6994d685900d94c5979dbaf5c40ad568b05c589386d6129f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/16/2024 9:53:31 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.8.3.15

File size:
565.5 KB (579,048 bytes)

Product version:
1.81.0.0

Copyright:
Copyright (C) 2004-2012

Original file name:
sptdinst.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\inside 2016.exe

Digital Signature
Signed by:
Idea Grant

Authority:
COMODO CA Limited

Valid from:
7/7/2016 4:00:00 AM

Valid to:
7/8/2017 3:59:59 AM

Subject:
CN=Idea Grant, O=Idea Grant, STREET="Street Roshinsky 2-I, 4", L=Moscow, S=Moscow, PostalCode=11511, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1D3CFCB709BE6836F9A4B0955ED08E3E

File PE Metadata
Compilation timestamp:
7/27/2016 3:57:45 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:qS8FOI4ROvyXlPWB2CWMypDecu06emAvyWd+f:MFOIciygB2CWMeDoNQqWd+f

Entry address:
0x12B0

Entry point:
55, 8B, EC, B8, E0, 8B, 00, 00, E8, D3, FF, FF, FF, 53, 56, 57, C6, 45, F4, 3E, C1, E9, 00, 68, CF, 12, 40, 00, C3, 33, EB, EB, 02, 33, DD, 90, 8B, D2, 8D, 12, EB, 01, 50, EB, 02, 03, C7, EB, 02, 2B, C2, 68, EF, 12, 40, 00, C3, 81, C2, 6E, 9B, 47, 0A, C7, 85, 74, 77, FF, FF, 05, 00, 00, 00, 8B, 85, 74, 77, FF, FF, 83, C0, 0D, 89, 85, 74, 77, FF, FF, 81, BD, 74, 77, FF, FF, 89, D8, 00, 00, 76, 02, EB, 1C, 6A, 00, FF, 15, 4C, 70, 40, 00, 68, 84, D0, 40, 00, FF, 15, 88, 70, 40, 00, B9, 1F, 02, 00, 00, 85, C9...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
23.5 KB (24,064 bytes)

The file inside 2016.exe has been seen being distributed by the following URL.

http://to11.ru/m.php?q=INSIDE (2016) ??????? ??????? &sl=http://4torrents.net/.../download.php?id=9676

Remove inside 2016.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.