interstellar_2014_720p_hdts_hc_x264_aac_x264_pimp4003.exe

The application interstellar_2014_720p_hdts_hc_x264_aac_x264_pimp4003.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from filestock.blob.core.windows.net.

MD5: 5c5ec118c90b857ca4234795577439c1
SHA-1: e67da7724a15a57e30761cb5fcbfed1c243ceb00
SHA-256: 13b50d5edd9e497baa6a130ea189d5f046a4e8ea0e0adc6711e033bf2ea6d91b
Scanner detections: 4 / 68
Status: Potentially unwanted
Analysis date: 5/14/2024 6:33:28 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:SaliCode | 160518-2
ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0
Kaspersky | not-a-virus:Downloader.Win32.TornTV | 15.0.0.562
Microsoft Security Essentials | Threat.Undefined | 1.225.1840.0

File size: 631.7 KB (646,840 bytes)
File type: Executable application (Win32 EXE)
Installer: Nullsoft Scriptable Install System
Common path: C:\users\{user}\downloads\interstellar_2014_720p_hdts_hc_x264_aac_x264_pimp4003.exe

File PE Metadata
Compilation timestamp: 12/6/2009 4:20:41 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 12288:nZVay4DPn7Gf2iPI04XqENGVqkbc5c7qjfCFDM2mHX:nZQ7Py7QbTNGVlc5vfKDM2u
Entry address: 0x30CB

Entry point:
88, CF, 81, FF, 35, 4F, 00, 00, 76, 06, 8D, 0D, 35, 38, 05, 20, 84, EB, 4F, 2B, CF, C6, C4, 0B, F6, DF, 69, E9, 16, 66, 2D, 78, 85, C0, E8, 00, 00, 00, 00, BA, F7, EE, FC, 0F, 8D, 15, E7, 64, E5, 30, BB, 13, 1A, 00, 00, 15, 35, 8C, 54, C7, 81, F3, 0C, F7, 00, 00, 22, E4, 81, C3, 46, 0C, 00, 00, 59, 0F, BE, FA, EB, 0F, 3D, 69, C9, 1F, 1E, 0F, C8, C6, C6, 0E, BB, 8F, 4C, 62, 1E, EB, 07, 0F, AF, F1, 84, C4, 84, F7, 8B, EE, EB, 03, 0F, AF, D8, 0F, 6E, E1, 87, F1, 78, 01, 43, 86, D2, 3B, EE, 0F, 7E, E3, 8B, FA...
 

Entropy: 7.9662 (probably packed)
Code size: 22.5 KB (23,040 bytes)

The file interstellar_2014_720p_hdts_hc_x264_aac_x264_pimp4003.exe has been seen being distributed by the following URL.