tornupdatepack.exe

Rungnapa Fongkerd

The application tornupdatepack.exe by Rungnapa Fongkerd has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dlmagnetdl.maynemyltf.netdna-cdn.com and multiple other hosts.
Publisher:
Rungnapa Fongkerd  (signed and verified)

MD5:
000f7a8b7f7f7e728e53b717af12f58b

SHA-1:
409129e8d939c0d0bbcaca1d88bcdf82ae596527

SHA-256:
824c603efd8cafabfaf25fa0aa5813096df7c1bf8f983325bb1baa90ce902474

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/26/2024 12:36:29 PM UTC

Scan engine              Detection                 Engine version
AVG                      Rungnapa                  2015.0.3337
Dr.Web                   Adware.Downware.8120      9.0.1.0271
McAfee                   Artemis!000F7A8B7F7F      5600.6993
Reason Heuristics        PUP.RungnapaFongkerd.O    14.9.28.16
Sophos                   FT Downloader             4.98
Trend Micro House Call   Suspici.D6982586          7.2.271
VIPRE Antivirus          Trojan.Win32.Generic      33390

File size:
557.2 KB (570,584 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\tornupdatepack.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/27/2014 8:00:00 PM

Valid to:
7/28/2015 7:59:59 PM

Subject:
CN=Rungnapa Fongkerd, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Thailand, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5EC13B211C7584BB92BAC58CF7ED1F63

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:bTArkXvrSVUWsx56vT84AADhMYzW/ccHWJoYn:bTAUvrSVUWg5yzvJ5

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9796

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file tornupdatepack.exe has been seen being distributed by the following 2 URLs.
