power+gear+leveling+syste_10924_i84754712_il345.exe

Internet Download Manager installer

KASHTAN OOO

The executable power+gear+leveling+syste_10924_i84754712_il345.exe has been detected as malware by 1 anti-virus scanner. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
Tonec Inc.  (signed by KASHTAN OOO)

Product:
Internet Download Manager installer

Version:
6, 25, 2, 1

MD5:
06cef672f98199a5787b994abfdccd79

SHA-1:
f7120243e9450d11bfff37513c2ff6055cbb7968

SHA-256:
2507dd561af240d7779c03c9601f7ea50a1fac48a20e4e8b3f9406abc0437f4c

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
5/15/2024 11:56:47 AM UTC

Scan engine: Reason Heuristics
Detection: PUP (M)
Engine version: 17.3.12.17

File size:
3.7 MB (3,899,096 bytes)

Product version:
6, 25, 2, 1

Copyright:
© 1999-2015. Tonec, Inc. All rights reserved.

Trademarks:
Internet Download Manager (IDM)

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\power+gear+leveling+syste_10924_i84754712_il345.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/4/2015 5:00:00 PM

Valid to:
5/21/2016 4:59:59 PM

Subject:
CN=KASHTAN OOO, O=KASHTAN OOO, L=Naberezhnye Chelny, S=Tatarstan republic, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
468BE39F7FCABE2D4D2D070862DD916B

File PE Metadata
Compilation timestamp:
11/14/2015 10:42:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x3ADD1A

Entry point:
68, 0E, 88, CB, 07, E8, 6D, 76, FD, FF, 60, 97, C3, 19, C4, 5E, E6, 5E, 99, 70, 6D, 2D, AC, 81, 02, 1F, 02, 3E, C9, 95, E8, 89, 8B, BC, A9, D4, 69, 23, A3, 9A, 40, 27, 78, 07, F5, 88, DF, 7C, 66, A7, DA, AE, C2, 1B, 72, E8, 5C, 32, 86, 90, 4A, 30, 14, 37, AF, 75, 6F, 22, B5, 03, 1E, 5D, 20, DB, A0, FD, 6B, 6F, EA, CB, 3C, 44, 2E, 1C, C6, C3, A0, 98, 9A, 80, 08, 07, 69, 8A, 11, 1E, B7, A1, 4F, 1F, 76, 2B, 37, 53, 7E, 1C, E6, 67, 2F, B0, CA, 30, B0, 55, 01, D0, 12, 9B, 3D, 5C, 01, AD, 4D, 3C, 64, 41, 85, A4...

Entropy:
7.5336

Code size:
3.3 MB (3,453,440 bytes)