tanki_vtoroy_mirovoy_t-34_protiv_tigra.exe

Internet Explorer

Consortium Group ltd

The publisher field in the file's version information claims "Microsoft Corporation", but the binary is not from Microsoft: it is signed by Consortium Group ltd and has been styled to resemble a legitimate Microsoft system file. The application tanki_vtoroy_mirovoy_t-34_protiv_tigra.exe, "Установщик надстроек Internet Explorer" (Internet Explorer add-on installer) by Consortium Group ltd, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application.
Publisher:
Microsoft Corporation  (signed by Consortium Group ltd)

Product:
Internet Explorer

Description:
Установщик надстроек Internet Explorer (Internet Explorer add-on installer)

Version:
11.00.9600.16428 (winblue_gdr.131013-1700)

MD5:
4e8ace9c0f893398615166beb0ef8c62

SHA-1:
7c962cb7323e6cb5ce39d1518928c4234200edf4

SHA-256:
7d3c280ed28acc6b0c832c5c2b4031f15ee20b25b5f5f2e8ba95754e7193a3c7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 7:42:48 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCube.Consorti (M)

Engine version:
16.7.13.17

File size:
3.5 MB (3,623,528 bytes)

Product version:
11.00.9600.16428

Copyright:
© Корпорация Майкрософт. Все права защищены. (© Microsoft Corporation. All rights reserved.)

Original file name:
ieinstal.exe.mui

File type:
Executable application (Win64 EXE)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/16/2015 4:00:00 AM

Valid to:
2/25/2016 3:59:59 AM

Subject:
CN=Consortium Group ltd, O=Consortium Group ltd, STREET="3RD FLOOR, C&h TOWERS,", STREET=CORNER OF GR.MARLBOROUGH UN GR.GEORGE STR., L=ROSEAU, S=ROSEAU, PostalCode=00152, C=DM

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D6D9F6CD54311DD57B715B621215CF32

File PE Metadata
Compilation timestamp:
1/8/2016 7:41:46 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:BqZ4sKq8ZmFTlf+gU9Fwr2Ows8J3xT2SXheqChovelSYr0R:BKD8ZXdTwr2M8FdheqYovxX

Entry address:
0x2E7210

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D0, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
Note: the bytes listed above begin with the "MZ" signature (4D 5A) and contain the DOS stub text "This program cannot be run in DOS mode.", so they are the first bytes of the file (the DOS header at offset 0), not the code at the entry address 0x2E7210.

Code size:
3.3 MB (3,493,888 bytes)

The file tanki_vtoroy_mirovoy_t-34_protiv_tigra.exe has been observed being distributed from the following URL.
