» postanovlenie_plenuma_vs_rf_o_poboyah.exe
Overview
Analysis
File Details
Downloads (1)

postanovlenie_plenuma_vs_rf_o_poboyah.exe

DATAKOM

The application postanovlenie_plenuma_vs_rf_o_poboyah.exe by DATAKOM has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from doc-10-4s-docs.googleusercontent.com.

File name:

Publisher:

DATAKOM (signed and verified)

MD5:

ebb666259b7349e04747f3a219339d80

SHA-1:

8177a2f5a2d896abfb59e9e710f4f23f4be418e4

SHA-256:

ba3dd38ce08f1299e4d65c790b8badb2a67aa79f40ecc964d5f76532bb6b1959

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 4:13:18 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCube.DATAKOM (M)

16.3.10.14

File size:

3.5 MB (3,617,880 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\postanovlenie_plenuma_vs_rf_o_poboyah.exe

Digital Signature

Signed by:

DATAKOM

Authority:

COMODO CA Limited

Valid from:

3/1/2016 4:00:00 AM

Valid to:

3/2/2017 3:59:59 AM

Subject:

CN=DATAKOM, O=DATAKOM, STREET="ul. Sovetskaja, 5", L=Magadan, S=RU, PostalCode=685000, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0087EB1BCFAC55DEE1AF546124A948B7D3

File PE Metadata

Compilation timestamp:

3/8/2016 2:52:24 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:W0n7vGnDygATs5oWU0fnFfF/ImSuYdnVPNh54ItUm/wxMm6UwWWBQ+GhuFTtF3KJ:WqGmqNtnA5r5VUwfBQeF3KPPtbqU

Entry address:

0x277270

Entry point:

55, 8B, EC, 6A, FF, 68, 50, D1, 74, 00, 68, 08, 80, 67, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 20, D0, 74, 00, 33, D2, 8A, D4, 89, 15, 4C, 21, 75, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 48, 21, 75, 00, C1, E1, 08, 03, CA, 89, 0D, 44, 21, 75, 00, C1, E8, 10, A3, 40, 21, 75, 00, 33, F6, 56, E8, E3, 0B, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, AE, 08, 00, 00, FF, 15, 74, D0, 74, 00, A3, 58, 26, 75, 00, E8... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

3.3 MB (3,454,976 bytes)

The file postanovlenie_plenuma_vs_rf_o_poboyah.exe has been seen being distributed by the following URL.

https://doc-10-4s-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/n44jcf9qknis853evb3i9bum18us68qb/1457481600000/00197549803282673951/.../0Bzz_5JIECO11Q2c2cl9PVU55TEk?e=download

Remove postanovlenie_plenuma_vs_rf_o_poboyah.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.