» windows-7-x64x86-ultimate-sp1-by-uralsoft-torrent.exe
Overview
Analysis
File Details
Downloads (1)

windows-7-x64x86-ultimate-sp1-by-uralsoft-torrent.exe

iTo rr ent

Amulet

The application windows-7-x64x86-ultimate-sp1-by-uralsoft-torrent.exe, “Installer 1.5.0.1” by Amulet has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from win-load.z92527cf.bget.ru.

File name:

Publisher:

iTo r re nt LCC (signed by Amulet)

Product:

iTo rr ent

Description:

Installer 1.5.0.1

Version:

1.0.1.342

MD5:

40bbc87ceb9f8b6a9ec35edf0cd1ed46

SHA-1:

b908fd30821fb0ef40245c6529862243ff08b7ea

SHA-256:

4b09a389a36d6ea79a3f6ee151da7913f3708c3ae81de7b09bb3afe92bce9850

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/6/2024 9:43:32 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.FileTour.Amulet.Installer (M)

16.6.16.0

File size:

2.1 MB (2,232,816 bytes)

Product version:

1.0.1.342

File type:

Executable application (Win32 EXE)

Digital Signature

Signed by:

Amulet

Authority:

COMODO CA Limited

Valid from:

12/18/2015 2:00:00 AM

Valid to:

12/18/2016 1:59:59 AM

Subject:

CN=Amulet, O=Amulet, POBox=127015, STREET="Vyatskaya, 70, pom.1", L=Moscow, S=Moscow state, PostalCode=127015, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B48E86D275ECE7BFC0A62B206428EDAC

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:SMadhbcBVDytrFeX6Ohp8zAWuhMSZIXDBE6kxxFkV:fadiBVDydk6OhwA3hMSZqDBEjxxFkV

Entry address:

0x63C004

Entry point:

68, 04, CD, A3, 00, C3, 3C, 8B, 4C, 24, 0C, 68, 8A, D0, A3, 00, 9C, FF, 44, 24, 04, 9D, C3, F6, E9, BB, 02, 00, 00, 2B, CF, 9D, 81, EA, 53, A1, 14, 00, 68, A4, D0, A3, 00, 9C, FF, 44, 24, 04, 9D, C3, 0B, D7, 52, BA, B6, 63, 0E, 00, E9, F7, 0B, 00, 00, 60, 7B, F7, FF, 10, E9, 88, 12, 00, 00, 24, 0F, 8B, 54, 24, 0C, E9, 1F, 0D, 00, 00, 6C, DC, 89, 11, E9, 82, 00, 00, 00, 2D, 51, 7D, 8D, 89, B8, 00, 00, 00, E9, 0D, 10, 00, 00, 18, 8E, B8, 17, AF, 27, 00, 68, 81, C9, A3, 00, 9C, FF, 44, 24, 04, 9D, C3, 8F, E9... 
[+]

Code size:

2 MB (2,083,328 bytes)

The file windows-7-x64x86-ultimate-sp1-by-uralsoft-torrent.exe has been seen being distributed by the following URL.

http://win-load.z92527cf.bget.ru/load/f.php?url=http://torrentwin.net/.../download.php?id=1607&name=windows-7-x64x86-ultimate-sp1-by-uralsoft.torrent

Remove windows-7-x64x86-ultimate-sp1-by-uralsoft-torrent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.