win7x64.iso-torrent.exe

SpecKomServis

The application win7x64.iso-torrent.exe by SpecKomServis has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application. The file has been seen downloaded from win-load.z92527cf.bget.ru.
Publisher:
SpecKomServis  (signed and verified)

MD5:
865674ac8fa9f9e1e0a533e71c46ea92

SHA-1:
53792882ac3b623929483e6f6b7b4b1969a80a81

SHA-256:
b4dfba84eb2f8659c8c72b52b9bd473e7f7370cff7b3687f7d02d332245745b3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 9:43:05 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.FileTour.SpecKomS (M)

Engine version:
16.5.5.2

File size:
2.1 MB (2,234,832 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\win7x64.iso-torrent.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/7/2016 2:00:00 AM

Valid to:
3/8/2017 1:59:59 AM

Subject:
CN=SpecKomServis, O=SpecKomServis, STREET="ul. V/Ch 92926, 31, 18", L=d. Starye bateki, S=RU, PostalCode=214525, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
04639A5282897BF9A950EA0310EAC9D9

File PE Metadata
Compilation timestamp:
2/9/2014 5:13:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:jfbOeA3Xj0MYQceH0YMw7xFlJngQwrb1FM3D4LMcus:jJ8TYQcwIylyQwrb1FMSM0

Entry address:
0x1006

Entry point:
E9, 96, 00, 00, 00, DB, 8B, F2, EB, 03, 94, 39, EF, FF, E2, F2, EB, 03, 44, E6, F9, 68, FA, D5, D8, 60, 9C, 81, 44, 24, 04, 40, 58, 67, 9F, 9D, C3, B8, 71, F2, EB, 02, C8, A9, 53, EB, 03, 0E, D8, E0, E9, 8F, 63, 00, 00, D9, EC, 0B, EB, 03, E8, 4A, A6, 64, FF, 35, 00, 00, 00, 00, F3, EB, 03, A1, 08, A2, 68, 98, 4E, 40, 00, 9C, FF, 44, 24, 04, 9D, C3, 2D, 22, 70, F2, EB, 01, EC, F2, EB, 03, D9, 18, 6A, F3, EB, 03, 73, 55, B9, 68, 0B, 48, 40, 00, 9C, FF, 44, 24, 04, 9D, C3, F7, A2, F3, EB, 02, 5D, 0F, 45, C7...
 
Packer / compiler:
Xtreme-Protector v1.05

Code size:
836.5 KB (856,576 bytes)

The file win7x64.iso-torrent.exe has been seen being distributed by the following URL.
