tural_-_devochka_moya_zaycev_net.exe

IT River

The application tural_-_devochka_moya_zaycev_net.exe by IT River has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory.
Publisher:
IT River  (signed and verified)

Description:
Setup/Uninstall

Version:
51.52.0.0

MD5:
0314e9391fef8b252a11a42b1421feee

SHA-1:
de53313cd9762d39ddec9bfb1a05b4ee69e7026f

SHA-256:
48b5bc10b36d61217fd914b741532766168c121bb446c1e3e5f834bf08f138df

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/24/2024 9:47:50 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.ITRiver.Installer (M)

Engine version:
16.2.12.20

File size:
553.4 KB (566,632 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\tural_-_devochka_moya_zaycev_net.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/25/2014 2:00:00 AM

Valid to:
2/26/2015 1:59:59 AM

Subject:
CN=IT River, O=IT River, STREET="Obolenskiy, 9", L=Moscow, S=Moscow oblast, PostalCode=119021, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0F02E0C593A3B9A15B22F5853C90D66B

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:lXk8nVE4Gq9h2y/DVNVym191wIaLk9Zy+3p+yBi2:lXD+4Gq9h2y/Dp+mtp+yBi2

Entry address:
0x15C0

Entry point:
83, 3D, 47, 70, 47, 00, 03, 75, 51, 8B, 0D, 47, 70, 47, 00, 89, 35, 87, 70, 47, 00, 89, 15, 93, 70, 47, 00, 89, 05, B4, 70, 47, 00, 85, F6, 74, 08, 89, 0D, CD, 70, 47, 00, EB, 2D, C7, 05, 27, 70, 47, 00, E7, 60, 01, 00, C7, 05, CB, 70, 47, 00, 36, 27, 01, 00, C7, 05, 33, 70, 47, 00, 92, 3A, 01, 00, 89, 1D, 30, 70, 47, 00, 66, C7, 05, 13, 70, 47, 00, 9E, 4B, E8, 19, F7, 06, 00, 89, 44, 24, F8, 8D, 35, 97, 70, 47, 00, C7, 46, 10, 52, 00, 00, 00, 2B, 1D, D1, 70, 47, 00, C3, 90, 55, 8B, EC, 83, C4, E0, 89, 45...
 

Code size:
464.5 KB (475,648 bytes)
