home

warandwork.exe

Ivan Gritsenko

This is a setup program which is used to install the application. The file has been seen being downloaded from warandwork.ru.
Publisher:
Ivan Gritsenko  (signed and verified)

MD5:
5f1d35aafe7f5a6e599345a4aa4d3b90

SHA-1:
62b6865474f561ec3a46640c3527e96dda9d3fea

SHA-256:
4c1f86d934ccc6122de3a1211ce2a8079692a535d510e8e9fd50de29b73031a9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 9:38:44 AM UTC  (today)

File size:
1 MB (1,072,568 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\sukone tei\warandwork.exe

Digital Signature
Signed by:
Ivan Gritsenko

Authority:
COMODO CA Limited

Valid from:
2/22/2016 3:00:00 AM

Valid to:
2/20/2017 2:59:59 AM

Subject:
CN=Ivan Gritsenko, O=Ivan Gritsenko, STREET=Pyatnitskoe shosse 6-4-185, L=Moscow, S=Moscow, PostalCode=125464, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EC9D0FD39D11E038DBA574BE1ECF5691

File PE Metadata
Compilation timestamp:
3/26/2016 10:45:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:EMpm9LzXPVBoL8f+wmlvfMO+H2j2fXDkCGtmA7P2:EMw9LrPYLPwmNL+Wjebue

Entry address:
0x1E1589

Entry point:
68, D2, E5, 58, 16, C7, 04, 24, EA, 9E, 47, F9, 60, C7, 44, 24, 1C, 48, 23, B4, 29, 60, C6, 04, 24, EE, 9C, 88, 2C, 24, 8D, 64, 24, 40, E9, 26, 67, 00, 00, 8B, 75, 0C, E9, B4, 4C, F1, FF, 66, 0F, C8, 60, 8B, 44, 24, 20, FF, 34, 24, 8D, 64, 24, 28, 0F, 87, 73, 09, 00, 00, 60, E9, BC, F9, F2, FF, E0, 9C, F5, 76, B2, 70, C7, 4D, 44, 14, C6, 56, D9, 25, 62, 03, B2, C5, 65, 48, 38, ED, BC, FB, 8A, D5, B4, 1F, 57, 46, EF, 74, 52, D7, BE, 19, 59, A8, 0F, 2B, BF, 84, 01, 9C, 80, 87, 33, 83, 69, 9D, 34, 75, 3E, 26...
 
[+]

Code size:
92 KB (94,208 bytes)

The file warandwork.exe has been seen being distributed by the following URL.

http://warandwork.ru/.../WarAndWork.exe

Scan warandwork.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.