warmine.exe

Ivan Gritsenko

This is a setup program used to install the application. The file has been observed being downloaded from warmine.ru and multiple other hosts.
Publisher:
Ivan Gritsenko  (signed and verified)

MD5:
ac11ae5fd1f96bc48bbb84346338a5d9

SHA-1:
7947bd18bae9110c7caeb6317c784f8dac068f97

SHA-256:
9a9faae48fe9f3997aac6d691c1a016fcdbb39e5373a0fce9d1d35dc2eda4bb4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 9:49:06 AM UTC

File size:
1.2 MB (1,273,784 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\warmine.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/22/2016 3:00:00 AM

Valid to:
2/20/2017 2:59:59 AM

Subject:
CN=Ivan Gritsenko, O=Ivan Gritsenko, STREET=Pyatnitskoe shosse 6-4-185, L=Moscow, S=Moscow, PostalCode=125464, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EC9D0FD39D11E038DBA574BE1ECF5691

File PE Metadata
Compilation timestamp:
5/15/2016 7:07:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:CbJFfnSy+XGprQmav5Rq71LJeay/xVQ5mKTjnTTjn:CbSy+WJ0fq71te5pXKTTTTT

Entry address:
0x1850A2

Entry point:
54, 60, 57, C7, 44, 24, 24, FF, B2, DF, 9A, 60, C7, 44, 24, 40, DA, 31, 72, 44, C6, 04, 24, 3A, 8D, 64, 24, 40, E9, 7B, A4, 01, 00, 0E, A5, 2A, C2, 11, AB, 5B, 66, 72, 69, 02, BF, 39, 4B, 69, 3B, 8C, 28, 8F, 04, 08, 05, FA, 40, ED, 96, 09, BA, 91, DE, 1D, A6, F9, 8A, 27, A1, 1E, 41, F9, C1, AA, C8, F0, C1, 15, 31, 7A, 0A, 95, 0F, A0, 24, 9B, 39, 8E, 06, A1, 53, 84, 78, 63, 79, 52, 92, 97, 66, 88, C0, 30, 53, 92, FA, BA, 63, B8, 80, 2C, 9F, 45, E4, E7, 40, 1F, 72, 68, D9, 7F, 7E, FA, 99, 98, A9, D6, 51, 8D...
 

Code size:
92 KB (94,208 bytes)

The file warmine.exe has been observed being distributed from the following 2 URLs.

http://warmine.ru/.../WarMine.exe

https://downloader.disk.yandex.com/disk/3a93ee7cbb6f08ce17c7eedb16e548cf2baadd3cef05519e499feed3c8e6252d/57651030/HbmnZZXl7AeE4lcMfUoGKIGCT1WWK0YmPREPDwo41JAfTPy11ZVeqU2AG_yVBJ0OvynnZ-Ce8_fgK46DZVBJtQ==?uid=0&filename=WarMine.exe&disposition=attachment&hash=NjVpxF6J2Qd4G5R9fAx0f2CFjV6E4IKpk/.../x-msdownload&fsize=1273784&hid=8106f5bd431e7bbcd6813f09d958bf62&media_type=executable&tknv=v2
