toshiba_satellite_l650_w7-rar.exe

CAPITAL SOFTWARE CONSULTANCY LTD

The application toshiba_satellite_l650_w7-rar.exe, “External Installer” by CAPITAL SOFTWARE CONSULTANCY has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from s85f.storage.yandex.net.

Publisher:
CAPITAL SOFTWARE CONSULTANCY LTD  (signed and verified)

Description:
External Installer

Version:
1.0.21022.8

MD5:
050d6cf41d45367aa021eb4b72fa9c53

SHA-1:
39914e50b7d1b491e03d568bc1fe186236ed8b49

SHA-256:
9caec3f17d5938ba375c435ffe0d8f44dc193daf41a8f27b260654b3509b7833

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/28/2024 3:24:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.CAPITALSOFTWARECONSULTANCY.Installer (M)

Engine version:
16.1.22.13

File size:
1.5 MB (1,621,856 bytes)

Product version:
1.0.21022.8

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\toshiba_satellite_l650_w7-rar.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/10/2015 3:00:00 AM

Valid to:
11/10/2016 2:59:59 AM

Subject:
CN=CAPITAL SOFTWARE CONSULTANCY LTD, O=CAPITAL SOFTWARE CONSULTANCY LTD, POBox=CF23 8SL, STREET=58 Cranbourne Way Pontprennau, L=Cardiff, S=South Glamorgan, PostalCode=CF23 8SL, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4125F00DB7D3D769AA161DDC92CC0CB3

File PE Metadata
Compilation timestamp:
7/24/2005 12:14:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
24576:ah82V9eOi1sQN0F5f38gYGhov6G0BFcaqQej98WiuMVFkyNHSKSMR21TZZ8681EO:WUD0z8Sca8ih3NHS/wKsGW1B2jmh

Entry address:
0xACA7C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 4C, C5, 4A, 00, E8, A0, A0, F5, FF, A1, 6C, 10, 4B, 00, 8B, 00, E8, 04, C7, FA, FF, A1, 6C, 10, 4B, 00, 8B, 00, 33, D2, E8, 1A, C3, FA, FF, 8B, 0D, C4, 09, 4B, 00, A1, 6C, 10, 4B, 00, 8B, 00, 8B, 15, A0, 4E, 4A, 00, E8, F6, C6, FA, FF, 8B, 0D, 1C, 0B, 4B, 00, A1, 6C, 10, 4B, 00, 8B, 00, 8B, 15, 80, 4B, 4A, 00, E8, DE, C6, FA, FF, A1, 6C, 10, 4B, 00, 8B, 00, E8, 52, C7, FA, FF, E9, BC, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C++

Code size:
687 KB (703,488 bytes)

The file toshiba_satellite_l650_w7-rar.exe has been seen being distributed by the following URL.
