gta-turk.exe

CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti

The application gta-turk.exe by CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Sti has been detected as adware by 15 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.tamindir.com and multiple other hosts. While running, it connects to the Internet address 032-083-143-095.as39912.net on port 80 using the HTTP protocol.
Version:
1, 1, 0, 0

MD5:
1451f01db651080ecc27553fda65efbf

SHA-1:
54414ad29d851b0820b3b9b8183cc502425bf907

SHA-256:
26a922cba2cf44927a798a1d7845be72947786a31d2c269aa0b81c71cc5b4afb

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
4/24/2024 7:46:04 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.12420985 | 740
avast! | Win32:Adware-gen [Adw] | 2014.9-150125
Bitdefender | Trojan.Generic.12420985 | 1.0.20.125
Comodo Security | ApplicUnwnt | 20831
Emsisoft Anti-Malware | Trojan.Generic.12420985 | 8.15.01.25.04
ESET NOD32 | Win32/Adware.Cntads (variant) | 9.11067
Fortinet FortiGate | Riskware/Cntads | 1/25/2015
F-Secure | Trojan.Generic.12420985 | 11.2015-25-01_1
G Data | Trojan.Generic.12420985 | 15.1.24
McAfee | Artemis!1451F01DB651 | 5600.6874
MicroWorld eScan | Trojan.Generic.12420985 | 16.0.0.75
nProtect | Trojan.Generic.12420985 | 15.01.23.01
Reason Heuristics | PUP.CNTBilisimTeknolojisipazrekturltlhTicSti | 15.1.25.16
Trend Micro House Call | Suspicious_GEN.F47V1211 | 7.2.25
VIPRE Antivirus | Trojan.Win32.Generic | 36940

File size:
558.7 KB (572,096 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\gta-turk.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/6/2014 2:00:00 AM

Valid to:
2/6/2017 1:59:59 AM

Subject:
CN=CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti, O=CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti, STREET=273/1 Sk. Mansuroglu Mah. Narlibahce Sit. No:6 B1 Blok Daire:2, L=Izmir, S=Izmir, PostalCode=35030, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD38E0D9B8EC881E28CC1693FCA30FC5

File PE Metadata
Compilation timestamp:
1/29/2012 11:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:F6Wq4aaE6KwyF5L0Y2D1PqLpiRc8x2HcezZb3OtGdamVRjZH:TthEVaPqLcRc22HbzF+oEYVd

Entry address:
0xB9E90

Entry point:
60, BE, 00, 80, 47, 00, 8D, BE, 00, 90, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file gta-turk.exe has been seen being distributed by the following 4 URLs.

http://www.tamindir.com/indir/MjAxNC0xMi0yNyAxNDowNjoyOQ==/gta-turk/.../0

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 202-35.vargonen.net  (178.18.202.35:80)

TCP (HTTP):
Connects to 033-083-143-095.as39912.net  (95.143.83.33:80)

TCP (HTTP):
Connects to 032-083-143-095.as39912.net  (95.143.83.32:80)
