stronghold crusader 2003-torrent.exe

Key Collector Starter

CAPITAL SOFTWARE CONSULTANCY LTD

The executable stronghold crusader 2003-torrent.exe (“Marverll Collector”) has been detected as malware by 1 anti-virus scanner. It is a setup program used to install the application. The file has been seen being downloaded from ttorenttor.ru.

Publisher:
LegatoSoft (signed by CAPITAL SOFTWARE CONSULTANCY LTD)

Product:
Key Collector Starter

Description:
Marverll Collector

Version:
1.1.0.0

MD5:
d80581d0d995292f0b8f84c7b064d592

SHA-1:
0f416a1ee1dddf75745e6c6fd3baed82d375464c

SHA-256:
9f921bdc2aa80125970ae376ac8664e9b3dce6417c10a129e67e0421bbc2ca36

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/16/2024 9:45:44 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.7.22.19

File size:
2.2 MB (2,326,640 bytes)

Product version:
1.1.0.0

Copyright:
LegatoSoft

Original file name:
Run.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\stronghold crusader 2003-torrent.exe

Digital Signature

Authority:
COMODO CA Limited

Valid from:
11/10/2015 3:00:00 AM

Valid to:
11/10/2016 2:59:59 AM

Subject:
CN=CAPITAL SOFTWARE CONSULTANCY LTD, O=CAPITAL SOFTWARE CONSULTANCY LTD, POBox=CF23 8SL, STREET=58 Cranbourne Way Pontprennau, L=Cardiff, S=South Glamorgan, PostalCode=CF23 8SL, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4125F00DB7D3D769AA161DDC92CC0CB3

File PE Metadata

Compilation timestamp:
1/2/2015 6:45:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
24576:AmxwuYmJxDKPvzgzOqposP19W5QrzH9HCrciVa1nCsVmGR0RkKeiljCa2IT0SpuW:4a1KjgzdP7zdHNpVg689J4qW3psE8

Entry address:
0x1101E4

Entry point:
55, 8B, EC, 83, C4, F0, B8, 34, FC, 50, 00, E8, B0, 6C, EF, FF, A1, D0, 67, 51, 00, 8B, 00, E8, 74, 43, F5, FF, A1, D0, 67, 51, 00, 8B, 00, 33, D2, E8, 72, 3F, F5, FF, 8B, 0D, 10, 64, 51, 00, A1, D0, 67, 51, 00, 8B, 00, 8B, 15, 1C, 7A, 50, 00, E8, 66, 43, F5, FF, 8B, 0D, 80, 6C, 51, 00, A1, D0, 67, 51, 00, 8B, 00, 8B, 15, 00, 76, 50, 00, E8, 4E, 43, F5, FF, A1, D0, 67, 51, 00, 8B, 00, E8, C2, 43, F5, FF, E8, 09, 44, EF, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
1.1 MB (1,111,040 bytes)

The file stronghold crusader 2003-torrent.exe has been seen being distributed by the following URL.
