pak-j110hxxu0apb2-20160203064711-zip.exe

INTIS

The application pak-j110hxxu0apb2-20160203064711-zip.exe by INTIS has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from samsung-updates.ru.
Publisher:
INTIS  (signed and verified)

MD5:
bde1a7aff62d3e8c9ba65fbf3b28f82c

SHA-1:
dc2d217497b53f9700bb187ba9112a18d71e45bf

SHA-256:
ae3941da0c34bed9049af396533a903e4f26c5284c91d91f20d5496360e97aed

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 2:07:33 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.FileTour (M)
17.3.14.16

File size:
2.8 MB (2,985,416 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\pak-j110hxxu0apb2-20160203064711-zip.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/16/2016 5:00:00 AM

Valid to:
4/17/2017 4:59:59 AM

Subject:
CN=INTIS, O=INTIS, STREET="Prospekt 40-letija Pobedy, 69, 1, 8", L=Rostov-Na-Donu, S=RU, PostalCode=344072, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E0D42565A341BEBE1BAFBF6CA79F6420

File PE Metadata
Compilation timestamp:
6/24/2006 12:39:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x6ED1A4

Entry point:
60, 33, C9, 41, 8B, 89, B9, 30, AE, 00, 0F, B6, 09, 83, E9, 08, 80, E9, B0, 0B, C9, 75, 0B, CC, CC, CC, 90, 90, 90, 90, 90, 90, 90, 90, 61, 57, E9, 6D, 07, 00, 00, 9E, FF, E0, 68, 85, 54, E5, 84, 9C, 81, 44, 24, 04, 4C, 6C, C9, 7B, 9D, C3, 55, B8, E6, E3, 6F, 00, 68, 6D, CF, AE, 00, 9C, FF, 44, 24, 04, 9D, C3, 6B, 89, 02, E9, 34, F5, FF, FF, 4D, 60, 83, E0, 00, 68, 2B, C6, AE, 00, C3, 7C, F6, 2D, 7F, 1F, 24, 00, E9, 35, F8, FF, FF, A6, FF, 10, E9, BE, 02, 00, 00, 98, 1B, 38, 81, 04, 24, BE, BD, A9, A6, 68...
 
[+]

Entropy:
6.7921

Code size:
2 MB (2,054,144 bytes)

The file pak-j110hxxu0apb2-20160203064711-zip.exe has been seen being distributed by the following URL.

http://samsung-updates.ru/.../file.php?url=aHR0cDovL3NhbXN1bmctdXBkYXRlcy5ydS91cGRhdGUyL3NhbXNncmFkZXNhL1BBSy1KMTEwSFhYVTBBUEIyLTIwMTYwMjAzMDY0NzExLnppcA==&UEFLLUoxMTBIWFhVMEFQQjItMjAxNjAyMDMwNjQ3MTEuemlw

Remove pak-j110hxxu0apb2-20160203064711-zip.exe - Powered by Reason Core Security