legends-of-equestria.exe

TOV

The executable legends-of-equestria.exe has been detected as malware by 1 anti-virus scanner. It is a setup program used to install the application. The file has been observed being downloaded from yes-i-am-rich.com.

Publisher:
TOV (signed and verified)

Version:
4.5.4.10

MD5:
7816723543e724d4107c16eb68cc99d0

SHA-1:
0195d20819cd8f82ab2e5b7add4200cd9c8a9efa

SHA-256:
72dbd3fc5a8f5f9ff4405304ecf4e9c131053a359e991b03238b8dc37384712a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/25/2024 6:16:25 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.5.18.5

File size:
2.5 MB (2,630,608 bytes)

Product version:
4.5.4.10

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\legends-of-equestria.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/25/2016 9:00:00 PM

Valid to:
2/12/2017 9:59:59 PM

Subject:
CN="TOV ""RENT-IT""", OU=IT, O="TOV ""RENT-IT""", STREET="vul. Knyazhyy Zaton, 16-A", L=Kiev, S=Kiev, PostalCode=02095, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
19ACE3BFB198AF52FB7E58A91770EF4C

File PE Metadata
Compilation timestamp:
10/4/2010 9:03:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
49152:LfuDsvfdrTbsUUyBlcI+Rho5BYbsPR4R6Xr:7uDo1fsULLcIuCrjP+s

Entry address:
0x1DC550

Entry point:
55, 8B, EC, 81, EC, 30, 0F, 00, 00, 8B, 85, 4C, FF, FF, FF, 89, 85, 68, F5, FF, FF, 8B, 8D, 68, F5, FF, FF, 83, E9, 07, 89, 8D, 68, F5, FF, FF, 81, BD, 68, F5, FF, FF, B7, 00, 00, 00, 77, 6E, 8B, 95, 68, F5, FF, FF, 0F, B6, 82, 90, EC, 5F, 00, FF, 24, 85, 74, EC, 5F, 00, 8A, 4D, 98, 88, 8D, 7F, FE, FF, FF, EB, 58, C7, 45, 90, DD, 52, 00, 00, EB, 4F, 0F, B7, 95, 10, FF, FF, FF, 8B, 45, B8, 8D, 8C, 10, 68, 56, 00, 00, 89, 4D, BC, EB, 39, 8B, 95, 70, FF, FF, FF, 83, EA, 39, 89, 95, 64, FF, FF, FF, EB, 28, 33...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
2.2 MB (2,307,584 bytes)

The file legends-of-equestria.exe has been seen being distributed by the following URL.
