r.g._mechanics_life_is_strange-9731-torrent.exe

Thunderbird

INTIS

The application r.g._mechanics_life_is_strange-9731-torrent.exe by INTIS has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
Mozilla Corporation  (signed by INTIS)

Product:
Thunderbird

Description:
Media LLC Setup

Version:
31.2.0

MD5:
1dfbf78adc16d706832448a66de3ca8a

SHA-1:
903aab09aaefc829ecdcfe9e5fb2091c2fece891

SHA-256:
5440268372113fce0bec9ec5ccdeb955e176fbd71f2cb59ca15f8e2038446292

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 7:21:57 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.FileTour (M)

Engine version:
17.3.14.10

File size:
2.2 MB (2,292,680 bytes)

Product version:
31.2.0

Copyright:
©Thunderbird and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

Trademarks:
Thunderbird is a Trademark of The Mozilla Foundation.

Original file name:
thunderbird.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\r.g._mechanics_life_is_strange-9731-torrent.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/16/2016 3:00:00 AM

Valid to:
4/17/2017 2:59:59 AM

Subject:
CN=INTIS, O=INTIS, STREET="Prospekt 40-letija Pobedy, 69, 1, 8", L=Rostov-Na-Donu, S=RU, PostalCode=344072, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E0D42565A341BEBE1BAFBF6CA79F6420

File PE Metadata
Compilation timestamp:
6/17/2016 5:59:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

Entry address:
0x611FD8

Entry point:
E9, 23, 00, 03, 00, 49, 45, 4D, A9, A2, E3, AB, 83, D3, 61, 0B, 66, 87, 9E, AB, 1A, 10, D9, 8F, 83, 8F, 50, D6, 51, 0A, 88, 0E, 85, E5, 4F, B5, 0C, 5F, 14, 3E, 95, 8B, 58, 21, D1, 8B, B3, 1D, 1A, AD, 02, 2E, D3, 82, 5F, 68, AE, 0D, 9F, 7D, 46, 44, 29, 18, 31, 6A, A1, F8, 0E, 19, 72, 52, 06, D9, 91, FB, AB, DC, E5, 18, 53, 82, 7B, 20, 47, F3, F3, 27, A9, 0F, 74, BF, 41, F6, C7, 71, BD, F5, C7, 48, 54, AA, 06, 3F, D1, 24, 01, FE, FD, 85, 3B, 94, 11, 64, 53, BD, D3, 8A, 51, AF, 77, 23, E1, 43, 5A, A4, AB, 7D...
 

Packer / compiler:
Xtreme-Protector v1.05

Code size:
2 MB (2,079,744 bytes)