tally_erp_9_crack_license_serial_number_and_activa.exe

KEREST-SOFT

The executable tally_erp_9_crack_license_serial_number_and_activa.exe has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from docs.google.com.
Publisher:
KEREST-SOFT  (signed and verified)

MD5:
9751ee094ed2caa7ef1366255050a7c2

SHA-1:
67c5266a1ac67969818d370132abf141bb072828

SHA-256:
af32a3f25eaa8ddb183d98a68a65a8510d793d1e8978ff57cdbc82715a844e3a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 12:11:42 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.3.7.22

File size:
3.4 MB (3,596,928 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\tally_erp_9_crack_license_serial_number_and_activa.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/5/2016 5:00:00 AM

Valid to:
3/6/2017 4:59:59 AM

Subject:
CN=KEREST-SOFT, O=KEREST-SOFT, STREET="d. 54 kv. 311, Pr-Kt Oktyabrski", L=Pskov, S=RU, PostalCode=180004, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4ED23625DF93CFDB3B858976584B7188

File PE Metadata
Compilation timestamp:
3/19/2016 9:37:06 PM

OS version:
4.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x349160

Entry point:
55, 8B, EC, 6A, FF, 68, 68, D1, 74, 00, 68, F8, 9E, 74, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 30, D0, 74, 00, 33, D2, 8A, D4, 89, 15, 40, 22, 75, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 3C, 22, 75, 00, C1, E1, 08, 03, CA, 89, 0D, 38, 22, 75, 00, C1, E8, 10, A3, 34, 22, 75, 00, 33, F6, 56, E8, E3, 0B, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, AE, 08, 00, 00, FF, 15, 80, D0, 74, 00, A3, 38, 27, 75, 00, E8...
 
[+]

Entropy:
6.1026

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
3.3 MB (3,457,024 bytes)

The file tally_erp_9_crack_license_serial_number_and_activa.exe has been seen being distributed by the following URL.

https://docs.google.com/uc?id=0Bzz_5JIECO11TnVzWXFlb2ZqeW8&export=download