windows-8.1-enterprise-torrent.exe

Thunderbird

INTIS

The application windows-8.1-enterprise-torrent.exe by INTIS has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from torrent.zbkutgq5.bget.ru.
Publisher:
Mozilla Corporation  (signed by INTIS)

Product:
Thunderbird

Description:
Studia AC Inst

Version:
31.2.0

MD5:
bc21093034a1a2ec60464a3283ff25bc

SHA-1:
1f9e9abff367129795ffff7cfe66aa135d4a2031

SHA-256:
d51001fd6e42e1d253c2db82fda9de22617a9a13083aa339ead8b28d210301fb

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 5:26:01 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Trojan.Ticno.1471 | 9.0.1.05190
Norman | Gen:Variant.Symmi.63391 | 19.05.2016 01:04:49
Reason Heuristics | PUP.FileTour.INTIS (M) | 16.6.20.20

File size:
2.3 MB (2,425,800 bytes)

Product version:
31.2.0

Copyright:
©Thunderbird and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

Trademarks:
Thunderbird is a Trademark of The Mozilla Foundation.

Original file name:
thunderbird.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows-8.1-enterprise-torrent.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/16/2016 2:00:00 AM

Valid to:
4/17/2017 1:59:59 AM

Subject:
CN=INTIS, O=INTIS, STREET="Prospekt 40-letija Pobedy, 69, 1, 8", L=Rostov-Na-Donu, S=RU, PostalCode=344072, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E0D42565A341BEBE1BAFBF6CA79F6420

File PE Metadata
Compilation timestamp:
5/19/1992 8:01:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:ib1nhFfbRkiPZn+DSHlCa4rIZ4vDUkukZi4R:ibHpbKip0Sa7Ikuj4R

Entry address:
0x649319

Entry point:
57, 68, DA, 94, A4, 00, 9C, FF, 44, 24, 04, 9D, C3, C7, FF, E1, 68, FD, 91, A4, 00, C3, EC, 81, C1, 62, B2, 2A, 00, EB, EF, 31, 29, 85, 81, 2C, 24, 1C, D3, 68, 6F, E9, 07, FF, FF, FF, A8, CD, 81, E9, 30, AE, A2, FF, 68, 3D, 99, A4, 00, 9C, FF, 4C, 24, 04, 9D, C3, 09, 59, E9, 7F, FD, FF, FF, D4, 29, E1, 05, 2C, FB, 0F, FF, E9, E8, 02, 00, 00, 73, 9C, 81, EA, DF, 31, 4C, 00, 68, 39, 3D, 35, DF, 9C, 81, 6C, 24, 04, 36, 9F, 90, DE, 9D, C3, 6E, 1C, B8, 33, C1, 83, 01, 68, 11, A2, A4, 00, C3, A9, F9, 05, C1, 0A...
 

Code size:
2 MB (2,079,744 bytes)

The file windows-8.1-enterprise-torrent.exe has been seen being distributed by the following URL.
