torntv2spack.exe

Kanchana Khiandee

The application torntv2spack.exe by Kanchana Khiandee has been detected as adware by 5 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from an Internet Explorer cache folder. The file has been observed being downloaded from cmpsmarter-downloader.maynemyltf.netdna-cdn.com.

Publisher:
Kanchana Khiandee (signed and verified)

MD5:
1065e9545658533c89b0718f3930702a

SHA-1:
3640f3ad50fb40d4eefc5bedd0b9fd1a50de018a

SHA-256:
9b7bfd8676d499d61084ddd7fb8b37a82fad0ff66bc95b28faa3c885a0901f23

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
11/27/2024 1:40:23 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Malware-gen | 2014.9-141208 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.12.08.08 |
| Reason Heuristics | PUP.KanchanaKhiandee.M | 14.10.8.13 |
| Trend Micro House Call | Suspici.568A457D | 7.2.270 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32932 |

File size:
279.8 KB (286,552 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\torntv2spack.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/8/2014 2:00:00 AM

Valid to:
9/9/2015 1:59:59 AM

Subject:
CN=Kanchana Khiandee, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C0F6CB32F77CACE96D7BF647840EEF4

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:sQqbv2D21tjqsdeFFvabJeVrlRbuZdg45bluUpUOOY012:ae21tzdeTSbi6Z358wT012

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9380

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file torntv2spack.exe has been seen being distributed by the following URL.
