apocalyptica_tfile_ru.exe

Downloader

AND LLC

The application apocalyptica_tfile_ru.exe by AND has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
AND LLC  (signed and verified)

Product:
Downloader

Version:
1, 0, 0, 0

MD5:
38d61c1a559eeb88b0604d16d6a6c199

SHA-1:
cc72a9787402d792945e13d157baacc731044f41

SHA-256:
83ae525c803f48b496fb8485de38763e35ea3e8654de81db698584681047ae0d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/27/2024 12:13:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.AND (M)

Engine version:
16.2.12.12

File size:
75.4 KB (77,232 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright 2013

Original file name:
Downloader.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\apocalyptica_tfile_ru.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/10/2013 3:00:00 AM

Valid to:
10/11/2014 2:59:59 AM

Subject:
CN=AND LLC, O=AND LLC, STREET="Marshala Fedorenko street, 7", L=Moscow, S=Moscow, PostalCode=125599, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
77019A082385E4B73F569569C9F87BB8

File PE Metadata
Compilation timestamp:
11/15/2013 7:16:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:3sBK19pdCehVBkCRzEavm6Hf22wjdNCIIgiUVzvOs/3:LPpdxBYaz9CDC0iSvj/3

Entry address:
0x1000

Entry point:
C1, DF, 0B, 89, C3, 11, C1, 47, D1, D7, C1, EE, 00, C1, FF, 13, 85, 2C, 24, 09, DA, C1, C9, 05, 1B, 1D, 6D, 5E, 40, 00, C1, CE, 03, 90, C1, DA, 0D, 47, 21, E8, C1, F8, 06, 81, C5, 36, 8F, 53, 5D, 33, 4C, 24, 10, FD, 19, C2, C1, E9, 1D, 90, BA, DC, CE, 2F, 47, C1, DA, 0C, 29, C0, F7, D5, 90, FD, C1, E0, 08, D1, E5, 41, FC, C1, ED, 1D, 21, D3, 87, FA, 39, 7C, 24, F4, C1, C0, 12, C1, CE, 1A, 2B, 44, 24, 14, 2B, 54, 24, FC, C1, DF, 12, 46, 85, FB, F7, D5, C1, DD, 12, 01, FF, 4D, C1, CD, 14, 31, CE, 81, 7C, 24...
 

Code size:
45.8 KB (46,938 bytes)
