» mindjet_mindmanager_150160_x86-torrent.exe
Overview
Analysis
File Details
Downloads (1)

mindjet_mindmanager_150160_x86-torrent.exe

HeadConv

Artem Pavlov

The executable mindjet_mindmanager_150160_x86-torrent.exe, “DLL Header Installer” has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from ec2-52-18-155-33.eu-west-1.compute.amazonaws.com.

File name:

Publisher:

DrBob42 (signed by Artem Pavlov)

Product:

HeadConv

Description:

DLL Header Installer

Version:

4.20.0.0

MD5:

11a4bb17c10aca58b81189b1401c79c7

SHA-1:

37893d5137853f74d0d54ea509627df007a6e4f1

SHA-256:

d08f566ed7f1ad09dbea0839f0e7946663047f785921acb2d33b602c673aa397

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/24/2024 2:59:13 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

17.3.4.19

File size:

1.3 MB (1,359,296 bytes)

Product version:

4.20

Original file name:

HeadConv

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\mindjet_mindmanager_150160_x86-torrent.exe

Digital Signature

Signed by:

Artem Pavlov

Authority:

thawte, Inc.

Valid from:

4/27/2015 3:00:00 AM

Valid to:

4/27/2016 2:59:59 AM

Subject:

CN=Artem Pavlov, OU=Individual Developer, O=No Organization Affiliation, L=Kiev, S=Kiev, C=UA

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

1209A99F1D019CE4742AE045D24C83FF

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0xC0340

Entry point:

55, 8B, EC, 83, C4, F0, B8, F8, FC, 4B, 00, E8, 4C, 68, F4, FF, A1, 38, 54, 4C, 00, 8B, 00, E8, C8, 9C, F9, FF, A1, 38, 54, 4C, 00, 8B, 00, 33, D2, E8, DE, 98, F9, FF, 8B, 0D, B0, 57, 4C, 00, A1, 38, 54, 4C, 00, 8B, 00, 8B, 15, FC, 9C, 4B, 00, E8, BA, 9C, F9, FF, 8B, 0D, 9C, 4D, 4C, 00, A1, 38, 54, 4C, 00, 8B, 00, 8B, 15, 4C, 95, 4B, 00, E8, A2, 9C, F9, FF, A1, 38, 54, 4C, 00, 8B, 00, E8, 16, 9D, F9, FF, E8, C1, 41, F4, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.8127

Developed / compiled with:

Microsoft Visual C++

Code size:

765 KB (783,360 bytes)

The file mindjet_mindmanager_150160_x86-torrent.exe has been seen being distributed by the following URL.

http://ec2-52-18-155-33.eu-west-1.compute.amazonaws.com/api/download/AHG5K7oZ9hE/lydCquoNukSRRkvU9U8BCQ/lydCquoNukTN7ejjDZuxbA/.../R843pomA1V9w8aKju3pP2o35DFFBWMXG-_YJDSVNjuX3BPw7OfA16E61BLmTOLRQaMJdpQQTjsJrXx0aL2r9Dw

Remove mindjet_mindmanager_150160_x86-torrent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.