home

kodi-15.2-isengard_rc3.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.bitstagcontent.com and multiple other hosts.
MD5:
003f459c498c52c53aa74e745a741dc6

SHA-1:
6d959260200d6f69b14b77d833f2f586573f4911

SHA-256:
3d2673b2c5719e519b54596a20adeb82846c5beeecb8e451537aa335a829b7e4

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/24/2024 2:31:47 AM UTC  (today)

Scan engine
Detection
Engine version

Rising Antivirus
PE:Malware.RDM.34!5.28[F1]
23.00.65.151104

ViRobot
Trojan.Win32.A.Zbot.66591592[h]
2014.3.20.0

File size:
63.5 MB (66,591,592 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\kodi-15.2-isengard_rc3.exe

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1572864:4WOvmYwKdpGNNI9edWCE6yzsKtQgbP2O4elxM3oCMHp:FYwIGNNI9edWhDsKtFb8eTMYCG

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9979

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file kodi-15.2-isengard_rc3.exe has been seen being distributed by the following 8 URLs.

http://www.bitstagcontent.com/gtCBUQEI1SkNEj7da22TqQSkvL346_iih3XQhoCN8l9it p35bV7baKShJpiDRlKncIPl8loAbR_VdVi UK3kPZT_3T_RxvDwEDOaZtxRUSC5RribajFcheFRs79WQAQGvdzmyTxCrub_LvDxB6ZeSIPHbKRTLCM7OmfoTsERPUQNufSNQUtl3GhEICZqaUsyctnL6gHxva2z69KRPjhh X54ki5A==-G2wBAGSZzbbpuiEJ2r64BqkZvL5t13G3oCLiWEKj04lWt_2j3zjOxk43hoZomI_JadZ rfOVUFCAHXhRvHlBP4UZ1yjOCX6C_1EESG2cFqNZGjAwHNlRydMeLdPHMiqef_PGI9ua_LOtcW 2HNT ZG3r4Uazw7OtHXZzuIXGtpxs5wspN60DGq9tnRxtHd8 7LuH7R37uP18dnp41eD Lh9AStvg_ldhnboxaHC_qAb36afoD8qUdOxSzWtxyy2i8gDP9s3e73ywzGUNvLjEp5tBb5rTULSy1p8lQ Mzql_LvCa9cz4kiAlJukzGKwk6tUHm0NVRO3WjEi5prw20I5CzDqzDiEohRgA=

http://www.videohelp.com/.../kodi-15.2-Isengard_rc3.exe

http://www.bitstagcontent.com/yyYcbvl6CYU6NzMBN_7UEs2AzOMrZZ7ibYyDR_Gz9AyRCpxexXgodP7zLN0owZ GHWkYUeL4acssDD8afgbEhdQ0BfMjtFXXFJdpPgY4B_gTt9fxoS8DlT6Upk1BFENMN9ugIJ7OacGUExcjJ0Jr8lE QwiP081OloMbSRdjZfVYttxmbCtJypMU5bq iAV2c2tsnM4JfnybmtFf2NeTdKTV bWUDQ==-G2wBAOSYLrcp3UjuwCvu5CFmpPq2Xcfdgoo4puDweKLV7Z g2TidGbkTj9dRZBmnLOZ5OAnFALRhHFg8PLc_wRn3CKUSf4L_ERIELhRP6t6VBEVMyVHwXW4n9zEtWOx__cYj2Wr_yVaT91M5F 3a1sMNJ4dnWzvk5nCLCrmUZDtfSHfdXNpmbevkaOv49mFfPWzvyMft57PTw6uI7t_yAoGKiO5_BTKpE8GI7gcW0X37E_iHZRLtu3b2a3XTLQqQoJ_5_d7vUE4 rKEGAHy4KfPOu6WosFb0Ykg Yuevya9ptFwJrzLhkTJIHVLOLGrjHDgjLDqtTZqB0p4bA4ItnLQSbOp5ZmzmAQ==

http://filehippo.com/download/file/.../

http://filehippo.com/download/file/.../

http://mirror.gtlib.gatech.edu/pub/xbmc/releases/.../kodi-15.2-Isengard_rc3.exe

http://mirrors.kodi.tv/releases/.../kodi-15.2-Isengard_rc3.exe

http://fs37.filehippo.com/8039/.../kodi-15.2-Isengard_rc3.exe

Scan kodi-15.2-isengard_rc3.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.