» tanki_vtoroy_mirovoy_t-34_protiv_tigra.exe
Overview
Analysis
File Details
Downloads (1)

tanki_vtoroy_mirovoy_t-34_protiv_tigra.exe

Internet Explorer

Consortium Group ltd

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application tanki_vtoroy_mirovoy_t-34_protiv_tigra.exe, “Установщик надстроек Internet Explorer” by Consortium Group ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application.

File name:

Publisher:

Microsoft Corporation (signed by Consortium Group ltd)

Product:

Internet Explorer

Description:

Установщик надстроек Internet Explorer

Version:

11.00.9600.16428 (winblue_gdr.131013-1700)

MD5:

4e8ace9c0f893398615166beb0ef8c62

SHA-1:

7c962cb7323e6cb5ce39d1518928c4234200edf4

SHA-256:

7d3c280ed28acc6b0c832c5c2b4031f15ee20b25b5f5f2e8ba95754e7193a3c7

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/16/2024 4:35:12 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCube.Consorti (M)

16.7.13.17

File size:

3.5 MB (3,623,528 bytes)

Product version:

11.00.9600.16428

Original file name:

ieinstal.exe.mui

File type:

Executable application (Win64 EXE)

Digital Signature

Signed by:

Consortium Group ltd

Authority:

COMODO CA Limited

Valid from:

6/16/2015 4:00:00 AM

Valid to:

2/25/2016 3:59:59 AM

Subject:

CN=Consortium Group ltd, O=Consortium Group ltd, STREET="3RD FLOOR, C&h TOWERS,", STREET=CORNER OF GR.MARLBOROUGH UN GR.GEORGE STR., L=ROSEAU, S=ROSEAU, PostalCode=00152, C=DM

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00D6D9F6CD54311DD57B715B621215CF32

File PE Metadata

Compilation timestamp:

1/8/2016 7:41:46 PM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:BqZ4sKq8ZmFTlf+gU9Fwr2Ows8J3xT2SXheqChovelSYr0R:BKD8ZXdTwr2M8FdheqYovxX

Entry address:

0x2E7210

Entry point:

4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D0, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00... 
[+]

Code size:

3.3 MB (3,493,888 bytes)

The file tanki_vtoroy_mirovoy_t-34_protiv_tigra.exe has been seen being distributed by the following URL.

http://13a725962fe625506ba54864.downfastoloaders.net/.../?f=4f6c8408a329592ba5cfead6466ca5849ab907b67a76c35a9ca550b5310efbcf29a484e046cee4cd0d221485808adbda0a4107813aeb686a1801bc2564bd40935eb43f2f9b0ea4e296f401d7df83b34042eccd80148d50512bced72907165f673bc3776b63cd6a7692dd364f0833c6a9a83680e08148688108e84cf4fbb0ed4bf0618523afecec9056ab444cc0392b6762d1250ea6716ebf38f481e78e3a75992f994dd8d7f7bff76576983ae3c32182e50183bbd8bc9cd4751ae64ef893c3d24c229a40875a76c516bb11c229999e54ac322f82be4ca2f581beee633b56d2824186eb0857a1d83118ddf09e613591e236e9f1b8ea5c6abdfaabbc50ec3451d76393ab480942c7120d7d19a7780bddbbe730a0774cfd4a249259e9169a384856a8277594dadf67df29e451598da25a3fbb2e461afee64f62d4eb5c906e777c0628f71dff713d1c697b214e883e478278422fd9924e887ac41b6630702292ded855ba025379e494a8821c7fbf326b4dc9

Remove tanki_vtoroy_mirovoy_t-34_protiv_tigra.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.