» windows-8.1-pro-vl-by-kiryandr-v.21.08-x64.iso-torrent.exe
Overview
Analysis
File Details
Downloads (1)

windows-8.1-pro-vl-by-kiryandr-v.21.08-x64.iso-torrent.exe

ESET Smart Security

Force LLC

The application windows-8.1-pro-vl-by-kiryandr-v.21.08-x64.iso-torrent.exe, “Eset GUI Installer” by Force has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from win-torrent.net.

File name:

Publisher:

ESET (signed by Force LLC)

Product:

ESET Smart Security

Description:

Eset GUI Installer

Version:

3.0.695

MD5:

444031e0e2b42b573e393fb2930a16cb

SHA-1:

0eaaa38417b19a807f0a4314ee863b44c6934be2

SHA-256:

cde060fc517e87086eee33828248f5ff7d8ebe6b903e4436aab3bf9f82a4fb57

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/6/2024 12:33:29 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Force.Installer (M)

16.2.16.16

File size:

1.1 MB (1,204,648 bytes)

Product version:

3.0.695

Trademarks:

NOD, NOD32, AMON, ESET are registered trademarks of ESET.

Original file name:

egui.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\windows-8.1-pro-vl-by-kiryandr-v.21.08-x64.iso-torrent.exe

Digital Signature

Signed by:

Force LLC

Authority:

COMODO CA Limited

Valid from:

5/5/2015 3:00:00 AM

Valid to:

5/5/2016 2:59:59 AM

Subject:

CN=Force LLC, O=Force LLC, POBox=119331, STREET=Vernandskogo 29, L=Moscow, S=Moscow, PostalCode=119331, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

7F1FBFEC9EBD89CCB543E7C5811DE223

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:zlFtuz5yjjf9eW5Qtg1VdP/si1OX5hzmfg4HfSvrCRmzm:ztuzQmgTdP/si1Whi5Hfa4m

Entry address:

0xFB375

Entry point:

E9, 45, 9A, FF, FF, C9, E9, AD, 2A, 47, 19, DA, A8, E7, FD, 28, 32, 7D, 7F, 30, 16, 59, 57, 18, 32, E7, CD, 7F, 6F, 20, 36, 84, B0, FF, CD, 82, B8, F7, ED, A9, 51, 48, 69, 16, 64, 4C, 1F, 52, 6C, 23, 25, 31, 35, 18, ED, 0C, 28, E5, AC, 96, 43, 6D, 67, 47, 03, 17, 76, 64, A9, 73, 3C, 06, 51, 23, F7, F2, CA, AD, E4, 85, 8A, BD, 2E, C7, CD, 18, 16, 74, A4, 50, FF, 73, 02, 71, 61, 47, 14, 52, D5, 44, 88, 93, E7, CF, E2, 93, FA, AB, 44, 40, B7, 75, 8D, F0, B7, 9F, DB, 56, 39, C1, 8B, C7, E1, CC, B1, DC, 98, 87... 
[+]

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

649 KB (664,576 bytes)

The file windows-8.1-pro-vl-by-kiryandr-v.21.08-x64.iso-torrent.exe has been seen being distributed by the following URL.

http://win-torrent.net/.../classes/moneyinst/mi_request.php?sid=NDI=&url=aHR0cDovL3dpbi10b3JyZW50Lm5ldC9lbmdpbmUvZG93bmxvYWQucGhwP2lkPTE3MjU=&name=V2luZG93cy04LjEtUHJvLVZMLWJ5LWtpcnlhbmRyLXYuMjEuMDgteDY0Lmlzby50b3JyZW50&type=Ng==&href=http://win-torrent.net/.../download.php?id=1725

Remove windows-8.1-pro-vl-by-kiryandr-v.21.08-x64.iso-torrent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.