» torntvdownloader4.exe
Overview
Analysis
File Details

torntvdownloader4.exe

Kanchana Khiandee

The application torntvdownloader4.exe by Kanchana Khiandee has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location) including toolbars, extensions and coupon utilities. It is also typically executed from an Internet Explorer cache folder.

File name:

Publisher:

Kanchana Khiandee (signed and verified)

MD5:

bfe3a4d711e463d622c5c5dbb4217caf

SHA-1:

bacfe2b2dcc1b0672ce549221194bb956b0425f1

SHA-256:

7ac12749c3051f9ef38a7c1bf12ee3dc15bc1e335b095e75903f1e841f4f9cc3

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Bundles a number of adware programs in the installer.

Analysis date:

11/23/2024 8:26:27 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.CoolMirage (M)

16.10.26.6

File size:

277.8 KB (284,464 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\torntvdownloader4.exe

Digital Signature

Signed by:

Kanchana Khiandee

Authority:

Thawte, Inc.

Valid from:

9/7/2014 9:00:00 PM

Valid to:

9/8/2015 8:59:59 PM

Subject:

CN=Kanchana Khiandee, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

1C0F6CB32F77CACE96D7BF647840EEF4

File PE Metadata

Compilation timestamp:

12/5/2009 8:50:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:iQqg4qUtoW1hAP9p/FqipXvV6VRHe3C13Fi7ik/WkofZY4+Mm:9UV1hu9JR5i1rg

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

Remove torntvdownloader4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.