bundle301016221522z.exe

Microsoft Windows Operating System

Feniks Tekhniks, TOV

The file's version resource names 'Microsoft Corporation' as the publisher, but the file is not from Microsoft: its metadata has been copied from the Windows 7 Hearts game (hearts.exe) so that it looks like a legitimate system file. The Authenticode signature tells the real story. It is signed by 'Feniks Tekhniks, TOV' under a COMODO-issued code-signing certificate with a Ukrainian (C=UA) subject, not by Microsoft, and the version block's OriginalFilename is hearts.exe.mui, a language-resource name that does not match a 3.9 MB Win32 executable dropped into the user's temp folder. The executable bundle301016221522z.exe, "Executable file for the game "Hearts"", has been flagged as malware by 1 of 68 anti-virus scanners, and that single detection is a heuristic PUP verdict, so the classification rests on the publisher/signer mismatch rather than on scanner consensus.
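The check described above, as an added triage script that is not part of the Reason Core Security page: it verifies that a local sample matches the hashes published here, then compares the attacker-controlled version resource (CompanyName, OriginalFilename) with what the Authenticode signature actually proves. The sample path is an assumption; any location of the extracted file works.

```powershell
# Added example (not part of the original page). Compare what a PE claims about itself
# with what its Authenticode signature proves, and check the hashes against the page's IOCs.
param(
    # Assumed path; the page lists this as the common path for the sample.
    [string]$Path = "$env:LOCALAPPDATA\Temp\bundle301016221522z.exe"
)

# Indicators copied from the page above.
$Expected = @{
    MD5    = '745dfcfea3f346b5ef2a5e30e633e1dd'
    SHA1   = '68d6b181ba951a3b794e722e5614662dca087a6c'
    SHA256 = '1eb3611dbafe236c9024a1264560ada798a9c4b8a5884b457f885c188fdc9b9b'
}

$findings = New-Object System.Collections.Generic.List[string]

# 1. Hash match: confirms we are looking at the same sample the page describes.
foreach ($alg in $Expected.Keys) {
    $actual = (Get-FileHash -Path $Path -Algorithm $alg).Hash.ToLower()
    if ($actual -ne $Expected[$alg]) {
        $findings.Add("$alg mismatch: page says $($Expected[$alg]), file has $actual")
    }
}

# 2. Claimed publisher (version resource, freely editable) vs. signer (bound by the signature).
$vi  = (Get-Item -Path $Path).VersionInfo
$sig = Get-AuthenticodeSignature -FilePath $Path
$claimedCompany = $vi.CompanyName
$signerSubject  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

if ([string]::IsNullOrEmpty($claimedCompany)) {
    $findings.Add('No CompanyName in version resource')
}
elseif ($signerSubject -notmatch [regex]::Escape($claimedCompany)) {
    $findings.Add("Publisher mismatch: version resource says '$claimedCompany', Authenticode signer is '$signerSubject'")
}

# 3. Signature state: only 'Valid' means the chain verified on this machine. NotSigned,
#    HashMismatch, NotTrusted and UnknownError all mean nobody currently vouches for the binary.
if ($sig.Status -ne 'Valid') {
    $findings.Add("Signature status: $($sig.Status) ($($sig.StatusMessage))")
}

# 4. Resource sanity: a Win32 EXE whose OriginalFilename ends in .mui carries a copied-in version block.
if ($vi.OriginalFilename -match '\.mui$') {
    $findings.Add("OriginalFilename '$($vi.OriginalFilename)' is a MUI resource name, not an executable name")
}

# 5. Location: the user temp directory is where bundlers and droppers stage their components.
if ($Path -like "$env:LOCALAPPDATA\Temp\*") {
    $findings.Add('Executing from the user temp directory')
}

if ($findings.Count -eq 0) {
    "No inconsistencies found for ${Path}"
}
else {
    "Findings for ${Path}:"
    $findings | ForEach-Object { " - $_" }
}
```

For this sample the script reports the publisher mismatch (version resource 'Microsoft Corporation' against signer CN="Feniks Tekhniks, TOV"), the .mui OriginalFilename, and the temp-folder location; the signature status line shows whether the 2016 COMODO certificate still verifies on the analysis host.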
Publisher:
Microsoft Corporation (signed by Feniks Tekhniks, TOV)

Product:
Microsoft® Windows® Operating System

Description:
Executable file for the game "Hearts"

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
745dfcfea3f346b5ef2a5e30e633e1dd

SHA-1:
68d6b181ba951a3b794e722e5614662dca087a6c

SHA-256:
1eb3611dbafe236c9024a1264560ada798a9c4b8a5884b457f885c188fdc9b9b

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
5/9/2025 1:54:14 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.4.16

File size:
3.9 MB (4,095,168 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
hearts.exe.mui

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\bundle301016221522z.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/26/2016 4:00:00 AM

Valid to:
7/23/2017 3:59:59 AM

Subject:
CN="Feniks Tekhniks, TOV", OU=IT, O="Feniks Tekhniks, TOV", STREET="vul. Paustovskoho, 37", L=Kryzhanivka, S=Odeska, PostalCode=67562, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECFC08CCA71C4B36FF9DE8DC7CEF8E9B

File PE Metadata
Compilation timestamp:
9/11/2013 12:45:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x3D1DC6

Entry point:
E8, 53, 23, 00, 00, E9, 7F, FE, FF, FF, 83, EC, 0C, DD, 14, 24, E8, 6D, 2D, 00, 00, E8, 0D, 00, 00, 00, 83, C4, 0C, C3, 8D, 54, 24, 04, E8, 18, 2D, 00, 00, 52, 9B, D9, 3C, 24, 8B, 44, 24, 0C, 74, 51, 66, 81, 3C, 24, 7F, 02, 74, 05, E8, D0, 2C, 00, 00, A9, 00, 00, 00, 80, 75, 1F, D9, FA, 83, 3D, A4, 44, A3, 00, 00, 0F, 85, 43, 2D, 00, 00, BA, 05, 00, 00, 00, 8D, 0D, 80, 23, 7E, 00, E9, 40, 2D, 00, 00, A9, 00, 00, F0, 7F, 75, 2C, A9, FF, FF, 0F, 00, 75, 25, 83, 7C, 24, 08, 00, 75, 1E, EB, CC, E8, A5, 2C, 00...

Code size:
3.9 MB (4,044,800 bytes)

Remove bundle301016221522z.exe - Powered by Reason Core Security