torrent3.0-win.exe

TGSM Inc.

The application torrent3.0-win.exe by TGSM has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
TGSM Inc.  (signed and verified)

MD5:
6664d5916a41a93a40411b074dea1c6c

SHA-1:
861c0d62b06b58cfbf7f03cae356107de33ec833

SHA-256:
333342181e0a48109f79f5981ab5d5ce0f2be6d0f80de3f664ee47ce8917cfab

Scanner detections:
19 / 68

Status:
Adware

Analysis date:
4/25/2024 8:42:05 AM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | Adware.Kraddare | 7.1.1
AhnLab V3 Security | PUP/Win32.Tor | 2013.01.06
Avira AntiVirus | Adware/Kraddare.AX.3 | 7.11.55.250
AVG | OpenShopper.A | 2015.0.3318
Bitdefender | Gen:Variant.Adware.Kraddare.3 | 1.0.20.1455
Dr.Web | Adware.OpenShopper.3 | 9.0.1.0291
Emsisoft Anti-Malware | Gen:Variant.Adware.Kraddare | 8.14.10.18.09
ESET NOD32 | Win32/Adware.Kraddare.AX (variant) | 8.7864
Fortinet FortiGate | Riskware/Kraddare | 10/18/2014
F-Secure | Gen:Variant.Adware.Kraddare.3 | 11.2014-18-10_7
G Data | Gen:Variant.Adware.Kraddare | 14.10.22
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.1.122.0
K7 AntiVirus | Riskware | 13.156.8074
McAfee | Artemis!6664D5916A41 | 5600.6974
NANO AntiVirus | Trojan.Win32.Kraddare.hdign | 0.22.6.49175
Panda Antivirus | Suspicious file | 14.10.18.09
Reason Heuristics | PUP.TGSM.N | 14.10.18.9
Trend Micro House Call | TROJ_GEN.F47V0810 | 7.2.291
VIPRE Antivirus | Trojan.Win32.Generic | 14866

File size:
1.3 MB (1,357,432 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\??3\redist\maps\download\torrent3.0-win.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/11/2011 9:00:00 AM

Valid to:
3/13/2012 8:59:59 AM

Subject:
CN=TGSM Inc., OU=Dev Team, O=TGSM Inc., L=Haeundae-gu, S=Busan, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5110A6616204B0264E74F3527FA2AA76

File PE Metadata
Compilation timestamp:
6/7/2009 6:43:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:BS0Yylq4yJlZ9U2R/geHJKGwPmSCS0bOz7a1JpsaqxxYuG1rrk:4ylql3U2RY0AtmS5OsaqxuuG9w

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9799

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
