» windows-8.1-enterprise-torrent.exe
Overview
Analysis
File Details
Downloads (1)

windows-8.1-enterprise-torrent.exe

Thunderbird

INTIS

The application windows-8.1-enterprise-torrent.exe by INTIS has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from torrent.zbkutgq5.bget.ru.

File name:

Publisher:

Mozilla Corporation (signed by INTIS)

Product:

Thunderbird

Description:

Studia AC Inst

Version:

31.2.0

MD5:

bc21093034a1a2ec60464a3283ff25bc

SHA-1:

1f9e9abff367129795ffff7cfe66aa135d4a2031

SHA-256:

d51001fd6e42e1d253c2db82fda9de22617a9a13083aa339ead8b28d210301fb

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

11/6/2024 9:37:58 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.Ticno.1471

9.0.1.05190

Norman

Gen:Variant.Symmi.63391

19.05.2016 01:04:49

Reason Heuristics

PUP.FileTour.INTIS (M)

16.6.20.20

File size:

2.3 MB (2,425,800 bytes)

Product version:

31.2.0

©Thunderbird and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

Trademarks:

Thunderbird is a Trademark of The Mozilla Foundation.

Original file name:

thunderbird.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\windows-8.1-enterprise-torrent.exe

Digital Signature

Signed by:

INTIS

Authority:

COMODO CA Limited

Valid from:

4/16/2016 2:00:00 AM

Valid to:

4/17/2017 1:59:59 AM

Subject:

CN=INTIS, O=INTIS, STREET="Prospekt 40-letija Pobedy, 69, 1, 8", L=Rostov-Na-Donu, S=RU, PostalCode=344072, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E0D42565A341BEBE1BAFBF6CA79F6420

File PE Metadata

Compilation timestamp:

5/19/1992 8:01:02 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:ib1nhFfbRkiPZn+DSHlCa4rIZ4vDUkukZi4R:ibHpbKip0Sa7Ikuj4R

Entry address:

0x649319

Entry point:

57, 68, DA, 94, A4, 00, 9C, FF, 44, 24, 04, 9D, C3, C7, FF, E1, 68, FD, 91, A4, 00, C3, EC, 81, C1, 62, B2, 2A, 00, EB, EF, 31, 29, 85, 81, 2C, 24, 1C, D3, 68, 6F, E9, 07, FF, FF, FF, A8, CD, 81, E9, 30, AE, A2, FF, 68, 3D, 99, A4, 00, 9C, FF, 4C, 24, 04, 9D, C3, 09, 59, E9, 7F, FD, FF, FF, D4, 29, E1, 05, 2C, FB, 0F, FF, E9, E8, 02, 00, 00, 73, 9C, 81, EA, DF, 31, 4C, 00, 68, 39, 3D, 35, DF, 9C, 81, 6C, 24, 04, 36, 9F, 90, DE, 9D, C3, 6E, 1C, B8, 33, C1, 83, 01, 68, 11, A2, A4, 00, C3, A9, F9, 05, C1, 0A... 
[+]

Code size:

2 MB (2,079,744 bytes)

The file windows-8.1-enterprise-torrent.exe has been seen being distributed by the following URL.

http://torrent.zbkutgq5.bget.ru/down.php?url=http://windows10-torrent.net/.../download.php?id=1282&name=windows-8.1-enterprise.torrent

Remove windows-8.1-enterprise-torrent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.