5_5_6_r4_shadowinstaller.exe

5_5_6_R4_ShadowInstaller

The executable 5_5_6_r4_shadowinstaller.exe (“5_5_6_ShadowInstaller_R4”) has been detected as malware by 1 anti-virus scanner. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from westmoreland.vaci.com.
Product:
5_5_6_R4_ShadowInstaller

Description:
5_5_6_ShadowInstaller_R4

Version:
1, 0, 0, 0

MD5:
abe2817309c196797473e6c2b734e5e1

SHA-1:
606042cdccf82a77bfd8b1dd8d2bcfbb54e42946

SHA-256:
7b9199173b61c3ccc9b1220c6f3369fc7ccdb7ee04707013124e657464e85dce

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/25/2024 7:52:09 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
15.12.18.20

File size:
10.9 MB (11,440,128 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright (C) 2012

File type:
Executable application (Win32 EXE)

Language:
English

File PE Metadata
Compilation timestamp:
5/20/2010 5:05:40 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:gdvh+FdhZehXMnWyqIcv/dhZehPfydhZeh5G70MAvdhZehe44jLtUOxxCqUQdhZv:mQfmuWKcv1mFImoLYm45UOoymU7ZlO4D

Entry address:
0x1D0E

Entry point:
E8, 77, 30, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, B8, F0, 40, 00, 89, 0D, B4, F0, 40, 00, 89, 15, B0, F0, 40, 00, 89, 1D, AC, F0, 40, 00, 89, 35, A8, F0, 40, 00, 89, 3D, A4, F0, 40, 00, 66, 8C, 15, D0, F0, 40, 00, 66, 8C, 0D, C4, F0, 40, 00, 66, 8C, 1D, A0, F0, 40, 00, 66, 8C, 05, 9C, F0, 40, 00, 66, 8C, 25, 98, F0, 40, 00, 66, 8C, 2D, 94, F0, 40, 00, 9C, 8F, 05, C8, F0, 40, 00, 8B, 45, 00, A3, BC, F0, 40, 00, 8B, 45, 04, A3, C0, F0, 40, 00, 8D, 45, 08, A3, CC, F0, 40...
 

Entropy:
7.8870  (probably packed)

Code size:
38.5 KB (39,424 bytes)

The file 5_5_6_r4_shadowinstaller.exe has been seen being distributed by the following URL.
