watchmen-the-end-is-nigh-complete-collection-2009-pc--repack-ot-r.g.-mehaniki.exe

Microsoft Windows Operating System

LLC

Although the file's version information names 'Microsoft Corporation' as the developer, this is not the case: the version resource (product name, description, copyright and the original file name freecell.exe.mui) was copied from a Windows 7 system file so that the program looks like a legitimate Microsoft system binary, while the Authenticode signature on the file was issued to LLC "TCM" of Dnipropetrovsk, Ukraine. The application watchmen-the-end-is-nigh-complete-collection-2009-pc--repack-ot-r.g.-mehaniki.exe, described in its version information as "Executable file for the game "Solitaire"", has been flagged as adware by 1 of 68 scanners (the vendor's own heuristic, PUP.Amonitize), with strong indications that the file is a potential threat. It is a setup program used to install the application.
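The mismatch described above, a version resource that names Microsoft while the Authenticode signer is an unrelated company, is worth checking automatically before trusting any "Publisher" field. The following Python is an added example, not code from the scan vendor or the page: the REPORT record is constructed from the fields printed on this page, the Microsoft-signed comparison record in the usage notes is likewise constructed, and extract_record() assumes the third-party pefile module is installed.

```python
"""Cross-check a PE file's version resource against its Authenticode signer.

Added example, not from the scan report or its vendor. REPORT is constructed
from the fields printed on this page; extract_record() pulls the same fields
from a real file with pefile (assumed installed; signer left for other tools).
"""
from __future__ import annotations

import re

MICROSOFT = re.compile(r"\bmicrosoft\b", re.I)


def parse_dn(dn: str) -> dict[str, str]:
    """Parse an X.500 DN as Windows/.NET prints it: 'CN="a, b", O=x'.

    Quoted values may contain commas; a doubled quote inside a quoted value is
    a literal quote. The first occurrence of each attribute wins.
    """
    attrs: dict[str, str] = {}
    i, n = 0, len(dn)
    while i < n:
        while i < n and dn[i] in ", ":      # skip separators
            i += 1
        eq = dn.find("=", i)
        if i >= n or eq == -1:
            break
        key = dn[i:eq].strip()
        i = eq + 1
        if i < n and dn[i] == '"':          # quoted value
            i += 1
            buf: list[str] = []
            while i < n:
                if dn[i] == '"':
                    if i + 1 < n and dn[i + 1] == '"':
                        buf.append('"')     # "" inside quotes -> literal quote
                        i += 2
                        continue
                    i += 1                  # closing quote
                    break
                buf.append(dn[i])
                i += 1
            value = "".join(buf)
        else:                               # bare value runs to the next comma
            j = dn.find(",", i)
            j = n if j == -1 else j
            value = dn[i:j].strip()
            i = j
        attrs.setdefault(key, value)
    return attrs


def _basename(path: str) -> str:
    """Last path component for either Windows or POSIX separators."""
    return re.split(r"[\\/]", path)[-1]


def assess(rec: dict[str, str]) -> list[str]:
    """Return the inconsistencies a reviewer would flag for one file record."""
    findings: list[str] = []
    company = rec.get("CompanyName", "")
    signer_cn = parse_dn(rec.get("SignerSubject", "")).get("CN", "")
    if MICROSOFT.search(company) and not MICROSOFT.search(signer_cn):
        findings.append(f"version info names '{company}' but the Authenticode "
                        f"signer is '{signer_cn or '<unsigned>'}'")
    original = rec.get("OriginalFilename", "")
    actual = _basename(rec.get("Path", ""))
    if original and original.lower() != actual.lower():
        findings.append(f"OriginalFilename '{original}' differs from on-disk "
                        f"name '{actual}'")
    if original.lower().endswith(".mui"):
        findings.append("OriginalFilename has a .mui extension: the version "
                        "resource belongs to a Windows language resource file "
                        "and was not built for this EXE")
    return findings


def extract_record(path: str) -> dict[str, str]:
    """Pull CompanyName/OriginalFilename from a real PE with pefile (assumed
    installed). SignerSubject is left empty here; fill it from the signing
    certificate (e.g. osslsigncode verify, or Get-AuthenticodeSignature)."""
    import pefile  # third-party, only needed for this function
    pe = pefile.PE(path, fast_load=True)
    pe.parse_data_directories(
        directories=[pefile.DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_RESOURCE"]])
    rec = {"Path": path, "SignerSubject": ""}
    infos = getattr(pe, "FileInfo", [])
    flat = [e for item in infos for e in (item if isinstance(item, list) else [item])]
    for entry in flat:
        if getattr(entry, "Key", b"") != b"StringFileInfo":
            continue
        for table in entry.StringTable:
            for k, v in table.entries.items():
                rec[k.decode("utf-8", "replace")] = v.decode("utf-8", "replace")
    return rec


# Constructed from the fields shown on this page.
REPORT = {
    "Path": r"C:\users\{user}\downloads\watchmen-the-end-is-nigh-complete-collection-2009-pc--repack-ot-r.g.-mehaniki.exe",
    "CompanyName": "Microsoft Corporation",
    "OriginalFilename": "freecell.exe.mui",
    "SignerSubject": 'CN="LLC ""TCM""", OU=IT, O="LLC ""TCM""", '
                     'STREET="vul. Dzerzhynskoho, 37", L=Dnipropetrovsk, '
                     'S=Dnipropetrovska, PostalCode=49000, C=UA',
}

if __name__ == "__main__":
    for line in assess(REPORT):
        print("-", line)
```

Run against the page's record this reports three findings (signer mismatch, original-name mismatch, .mui resource). A constructed record for a genuinely Microsoft-signed freecell.exe with a signer subject of "CN=Microsoft Windows, O=Microsoft Corporation, ..." produces none. Confirm the SHA-256 of the sample matches the report before relying on any of this: the check is on the file you actually have, not on the report.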
Publisher:
Microsoft Corporation (signed by LLC "TCM")

Product:
Microsoft® Windows® Operating System

Description:
Executable file for the game "Solitaire"

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
f441d2e9200b9450ea6edbca499eb966

SHA-1:
db65b737701faf7f57beb58137b64f7e0248ac1e

SHA-256:
d001f1802a80d81cce674a61d0b91c58eda65466a0542043199662e58369b110

Scanner detections:
1 / 68

Status:
Adware

Note:
None of the third-party anti-malware engines in our current pool detects this file; based on our own detection heuristics, however, we consider it unwanted.

Analysis date:
11/27/2024 12:51:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize

Engine version:
16.8.28.18

File size:
2.9 MB (3,056,760 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
freecell.exe.mui

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\watchmen-the-end-is-nigh-complete-collection-2009-pc--repack-ot-r.g.-mehaniki.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/17/2016 4:00:00 AM

Valid to:
7/9/2017 3:59:59 AM

Subject:
CN="LLC ""TCM""", OU=IT, O="LLC ""TCM""", STREET="vul. Dzerzhynskoho, 37", L=Dnipropetrovsk, S=Dnipropetrovska, PostalCode=49000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
27DBE55E53BFEEB479C49E640598529F

File PE Metadata
Compilation timestamp:
3/16/2016 3:46:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:gbdTpmsoP604TBtg23Tx+VOaPCR8GBYUHRQIxezq+AFmIHivGBY:+dVVoEB3+IaPmd2T8DivSY

Entry address:
0x1000

Entry point:
6A, 70, 68, 90, 50, 40, 00, E8, D0, 01, 00, 00, 33, DB, 53, 8B, 3D, 10, 50, 40, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, 99, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, 99, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 5D, FC, 6A, 02, FF, 15, 30, 50, 40, 00, 59, 83, 0D, 88, 70, 80, 00, FF, 83, 0D, 8C, 70...

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
14 KB (14,336 bytes)

The file watchmen-the-end-is-nigh-complete-collection-2009-pc--repack-ot-r.g.-mehaniki.exe has been seen distributed from the following URL.

http://heapswim.ru/1471604473301282639/watchmen-the-end-is-nigh-complete-collection-2009-pc--repack-ot-r.g/.../?load=1&ippid=1