setuppdd2014.exe

Ekzamen po biletam PDD 2014 kategorii ?A, V? 2.0

Limited Liability Company

The application setuppdd2014.exe, “Installer Ekzamen po biletam PDD 2014 kategorii ?A, V? 2.0” by Limited Liability Company has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.

Publisher:
Limited Liability Company Tur.ru (signed by Limited Liability Company)

Product:
Ekzamen po biletam PDD 2014 kategorii ?A, V? 2.0

Description:
Installer Ekzamen po biletam PDD 2014 kategorii ?A, V? 2.0

Version:
1.0.0.0

MD5:
7c214a160dc50a9d07bde7cde82467ec

SHA-1:
c6a2cd348f3cde176b31642953006a749a875a5b

SHA-256:
d9713da3843f9bf248f4624d6d73b9072eec0fd09364b8fb6de33b8874a504ce

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 6:59:24 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.LimitedLiabilityCompany.Installer (M)

Engine version:
15.7.8.1

File size:
73.6 MB (77,192,976 bytes)

Copyright:
Limited Liability Company Tur.ru

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setuppdd2014.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/27/2014 7:00:00 AM

Valid to:
8/28/2015 6:59:59 AM

Subject:
CN="Limited Liability Company ""Tur.ru""", O="Limited Liability Company ""Tur.ru""", STREET="Walnut Blvd, 18", L=Moscow, S=Moscow, PostalCode=115583, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2AF64B5834DE5549AC5FAD1A0D610C79

File PE Metadata
Compilation timestamp:
12/6/2009 5:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1572864:yXU/hNzDVglcbCtN/uH/QFp4UVaWyO5ohbSWgzic0mPmn:auh1VglcbCEQFyUVaRO5abSWgzizmPw

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
