home

need_for_speed_-_carbon-6393-torrent.exe

Dr.Web

INTIS

The application need_for_speed_-_carbon-6393-torrent.exe, “Install Hepler 1.4.0.1” by INTIS has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from downloader.disk.yandex.ru.
Publisher:
Doctor Web, Ltd.  (signed by INTIS)

Product:
Dr.Web (R)

Description:
Install Hepler 1.4.0.1

Version:
6.00.2.03250

MD5:
bf8815005a485116f747bdbac1382940

SHA-1:
7ea6d956733a2a0c97263db5b3b0a3b77fdc1dce

SHA-256:
02ea3477b441820467a2ea0e8d2cf17f25d582fb9a055dfdda87299259991ce2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 1:52:00 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.FileTour (M)
17.3.13.5

File size:
2.6 MB (2,674,120 bytes)

Product version:
6.00.2.03250

Copyright:
(c) Doctor Web, Ltd, 1992-2010

Original file name:
drwreg.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\need_for_speed_-_carbon-6393-torrent.exe

Digital Signature
Signed by:
INTIS

Authority:
COMODO CA Limited

Valid from:
4/16/2016 3:00:00 AM

Valid to:
4/17/2017 2:59:59 AM

Subject:
CN=INTIS, O=INTIS, STREET="Prospekt 40-letija Pobedy, 69, 1, 8", L=Rostov-Na-Donu, S=RU, PostalCode=344072, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E0D42565A341BEBE1BAFBF6CA79F6420

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x20C000

Entry point:
E9, A8, 11, 00, 00, C3, AE, FF, E0, E9, 1C, 05, 00, 00, 6E, 81, 04, 24, CA, 22, 92, A3, 68, FE, C7, 60, 00, 9C, FF, 4C, 24, 04, 9D, C3, B0, 8B, 54, 24, 0C, 68, 04, D3, 60, 00, C3, 33, 2A, 8D, 64, 24, 04, 68, 64, AB, 49, 81, 9C, 81, 44, 24, 04, 8C, 27, 17, 7F, 9D, C3, ED, F5, 81, C2, 0B, 5C, 6B, 00, E9, 2C, 0B, 00, 00, 80, E9, 47, 0E, 00, 00, 6B, B8, D3, 6B, BF, 00, 68, 1F, 81, C4, 40, 9C, 81, 6C, 24, 04, 9E, BA, 63, 40, 9D, C3, 86, 81, C2, 15, 24, FD, 00, 68, 46, BD, 62, 9D, 9C, 81, 44, 24, 04, F4, 12, FE...
 
[+]

Packer / compiler:
Xtreme-Protector v1.05

Code size:
2.5 MB (2,593,280 bytes)

The file need_for_speed_-_carbon-6393-torrent.exe has been seen being distributed by the following URL.

https://downloader.disk.yandex.ru/disk/3523e4d7826cec3aa1b8d42efcbb38311453f3477cac540d0df6bb84f6f419aa/5778556c/.../x-msdownload&fsize=2674120&hid=26607aafaaa30d2fe41d14cacfa6260a&media_type=executable&tknv=v2&etag=bf8815005a485116f747bdbac1382940

Remove need_for_speed_-_carbon-6393-torrent.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.