partizan _ partisan-torrent.exe

CAPITAL SOFTWARE CONSULTANCY LTD

The executable partizan _ partisan-torrent.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from ec2-52-31-202-8.eu-west-1.compute.amazonaws.com.
Publisher:
CAPITAL SOFTWARE CONSULTANCY LTD  (signed and verified)

Version:
1.0.0.0

MD5:
ac209b1d27c232964ee4080587872f95

SHA-1:
581e2816340df71a6c250b04d9fb4263ee4abbe2

SHA-256:
b91992ddc04594c142320c34d99678b8754a263c79f2c663d7e627211b37100a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 1:20:54 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.3.8.15

File size:
2.2 MB (2,278,400 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/10/2015 2:00:00 AM

Valid to:
11/10/2016 1:59:59 AM

Subject:
CN=CAPITAL SOFTWARE CONSULTANCY LTD, O=CAPITAL SOFTWARE CONSULTANCY LTD, POBox=CF23 8SL, STREET=58 Cranbourne Way Pontprennau, L=Cardiff, S=South Glamorgan, PostalCode=CF23 8SL, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4125F00DB7D3D769AA161DDC92CC0CB3

File PE Metadata
Compilation timestamp:
12/30/1992 10:26:56 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xE836F

Entry point:
8D, 00, A1, 84, 07, 4F, 00, 0F, B6, 00, 2C, B0, 83, E8, 08, 75, 84, E8, E5, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
925.5 KB (947,712 bytes)

The file partizan _ partisan-torrent.exe has been seen being distributed by the following URL.

http://ec2-52-31-202-8.eu-west-1.compute.amazonaws.com/api/download/YkoBwMhP0_g/lydCquoNukSRRkvU9U8BCQ/lydCquoNukQcnXGlHKgKCA/.../ATkRL-ClSYRBd412akS7gMhkkxQDV9XhfAWYc-V-AK0RDZ_Hf-8BHToMz-nbC04IPOYrYQXkxuE

Remove partizan _ partisan-torrent.exe - Powered by Reason Core Security