» fifa_15_by_xatab-1632-torrent.exe
Overview
Analysis
File Details
Downloads (1)

fifa_15_by_xatab-1632-torrent.exe

Thunderbird

INTIS

The application fifa_15_by_xatab-1632-torrent.exe by INTIS has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from downloader.disk.yandex.ru.

File name:

Publisher:

Mozilla Corporation (signed by INTIS)

Product:

Thunderbird

Description:

Media LLC Setup

Version:

31.2.0

MD5:

1b6a7d11eb1debbefb6f795dad0e272b

SHA-1:

69ed4017c8a2bf79403013728dd08bcbc3732480

SHA-256:

80af6853151f5c743d81784893de764d1beb6f1498ed3935a13c6aae827c2dbd

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 11:49:31 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.FileTour (M)

16.8.11.0

File size:

2.1 MB (2,252,744 bytes)

Product version:

31.2.0

©Thunderbird and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

Trademarks:

Thunderbird is a Trademark of The Mozilla Foundation.

Original file name:

thunderbird.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\fifa_15_by_xatab-1632-torrent.exe

Digital Signature

Signed by:

INTIS

Authority:

COMODO CA Limited

Valid from:

4/16/2016 4:00:00 AM

Valid to:

4/17/2017 3:59:59 AM

Subject:

CN=INTIS, O=INTIS, STREET="Prospekt 40-letija Pobedy, 69, 1, 8", L=Rostov-Na-Donu, S=RU, PostalCode=344072, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E0D42565A341BEBE1BAFBF6CA79F6420

File PE Metadata

Compilation timestamp:

3/6/2005 4:34:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

49152:qgYpb1nhFfbRkiPZn+DSHlCa4rIZ4skGVsit1aqbr:qBpbHpbKip0SaIjfSar

Entry address:

0x645003

Entry point:

50, EB, 11, 51, EB, 0E, 57, EB, 0B, 50, EB, 08, 52, EB, 05, 53, EB, 02, 33, F6, 90, BE, 55, 54, 02, 00, 58, 51, 4E, 75, FB, E9, 95, 06, 00, 00, 71, 59, 05, 79, D1, 27, 00, 68, AA, 61, A4, 00, 9C, FF, 4C, 24, 04, 9D, C3, 54, E3, 8D, 89, B8, 00, 00, 00, E9, 96, 02, 00, 00, B1, 9C, C8, E9, CB, 01, 00, 00, EC, 9D, 64, 89, 25, 00, 00, 00, 00, E9, 71, 01, 00, 00, F5, 8D, 94, AA, 0A, 9B, 7F, 16, 68, 96, 4F, 74, CF, 9C, 81, 44, 24, 04, 28, 01, 30, 31, 9D, C3, DF, 52, 68, 75, 54, A4, 00, 9C, FF, 44, 24, 04, 9D, C3... 
[+]

Code size:

2 MB (2,086,912 bytes)

The file fifa_15_by_xatab-1632-torrent.exe has been seen being distributed by the following URL.

https://downloader.disk.yandex.ru/disk/27b06d5f3b60af03f95a03c67682f50bfebb230c40a606b8a3c663a56d70b519/5762a395/.../x-msdownload&fsize=2252744&hid=693c9a41315360d0b69aa42084031f23&media_type=executable&tknv=v2&etag=1b6a7d11eb1debbefb6f795dad0e272b

Remove fifa_15_by_xatab-1632-torrent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.