postanovlenie_plenuma_vs_rf_o_poboyah.exe

DATAKOM

The application postanovlenie_plenuma_vs_rf_o_poboyah.exe by DATAKOM has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from doc-10-4s-docs.googleusercontent.com.
Publisher:
DATAKOM  (signed and verified)

MD5:
ebb666259b7349e04747f3a219339d80

SHA-1:
8177a2f5a2d896abfb59e9e710f4f23f4be418e4

SHA-256:
ba3dd38ce08f1299e4d65c790b8badb2a67aa79f40ecc964d5f76532bb6b1959

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:50:10 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCube.DATAKOM (M)
16.3.10.14

File size:
3.5 MB (3,617,880 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\postanovlenie_plenuma_vs_rf_o_poboyah.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/1/2016 4:00:00 AM

Valid to:
3/2/2017 3:59:59 AM

Subject:
CN=DATAKOM, O=DATAKOM, STREET="ul. Sovetskaja, 5", L=Magadan, S=RU, PostalCode=685000, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0087EB1BCFAC55DEE1AF546124A948B7D3

File PE Metadata
Compilation timestamp:
3/8/2016 2:52:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:W0n7vGnDygATs5oWU0fnFfF/ImSuYdnVPNh54ItUm/wxMm6UwWWBQ+GhuFTtF3KJ:WqGmqNtnA5r5VUwfBQeF3KPPtbqU

Entry address:
0x277270

Entry point:
55, 8B, EC, 6A, FF, 68, 50, D1, 74, 00, 68, 08, 80, 67, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 20, D0, 74, 00, 33, D2, 8A, D4, 89, 15, 4C, 21, 75, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 48, 21, 75, 00, C1, E1, 08, 03, CA, 89, 0D, 44, 21, 75, 00, C1, E8, 10, A3, 40, 21, 75, 00, 33, F6, 56, E8, E3, 0B, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, AE, 08, 00, 00, FF, 15, 74, D0, 74, 00, A3, 58, 26, 75, 00, E8...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
3.3 MB (3,454,976 bytes)

The file postanovlenie_plenuma_vs_rf_o_poboyah.exe has been seen being distributed by the following URL.

Remove postanovlenie_plenuma_vs_rf_o_poboyah.exe - Powered by Reason Core Security