home

warminewin.exe

Ivan Gritsenko

This is a setup program which is used to install the application. The file has been seen being downloaded from downloader.disk.yandex.ua.
Publisher:
Ivan Gritsenko  (signed and verified)

MD5:
854baef711d8ce40bf1e8f5cd0ebc515

SHA-1:
8a82ca25179be895739aaf475e031b51da8ad772

SHA-256:
01b5d61729d40169cba171a7502329dc3cde2345f5cc3cd018340c0d67826524

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 9:45:48 AM UTC  (today)

File size:
1.2 MB (1,265,080 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\warminewin.exe

Digital Signature
Signed by:
Ivan Gritsenko

Authority:
COMODO CA Limited

Valid from:
2/22/2016 2:00:00 AM

Valid to:
2/20/2017 1:59:59 AM

Subject:
CN=Ivan Gritsenko, O=Ivan Gritsenko, STREET=Pyatnitskoe shosse 6-4-185, L=Moscow, S=Moscow, PostalCode=125464, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EC9D0FD39D11E038DBA574BE1ECF5691

File PE Metadata
Compilation timestamp:
3/26/2016 9:46:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:MGQ+06DPWdy7x0dKhom2ICl8e2RtSIyL00M0cJNedFWnm2E52Tjnw:PFPJqKqcClF2bT0x6NuF6mLQTTw

Entry address:
0x1C6DA5

Entry point:
68, 0B, E1, A5, 9B, C7, 04, 24, 2C, E3, E4, 97, E8, 25, 40, 01, 00, B7, D2, 36, 03, 96, F6, 1A, 9F, 9F, 14, 8B, 4B, 77, 2C, CB, 6B, 76, C5, 11, 0E, 52, 77, A7, 7C, B6, A2, 4A, 88, 2A, 25, 9F, A3, EF, C4, 6D, CF, D8, 12, CB, 68, 80, 73, EF, DE, E3, 9F, A7, 1C, 5C, 19, 1C, 5E, 68, 13, 47, AB, E9, 38, 86, 33, 7C, D0, DD, FB, 3C, 1B, F1, 3F, 10, 11, 04, 7E, 50, 72, 2D, F3, F4, 4B, A7, 80, 48, 32, 49, 7A, B6, AD, 34, 9B, 42, 60, 79, AF, 18, 26, 87, 42, 1A, 48, 69, 9B, B4, A7, AC, 90, 5B, 31, CA, 5B, D1, 68, C1...
 
[+]

Code size:
92 KB (94,208 bytes)

The file warminewin.exe has been seen being distributed by the following URL.

https://downloader.disk.yandex.ua/disk/0b013cd42bb0a7e25c7207ce4c0ffe5dd44713e2f98c707932e93b4c192a8c87/572f86a1/.../x-msdownload&fsize=1265080&hid=c3bcaf11e7a6c9b5c468aa1cdce42225&media_type=executable&tknv=v2

Scan warminewin.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.