6469665546

TODO:

TODO: <Company name>

The file 6469665546, “InstallerManager”, has been detected as a potentially unwanted program by 17 anti-malware scanners. The file has been seen being downloaded from i28f.com.

Publisher:
TODO:

Product:
TODO: <Product name>

Description:
InstallerManager

Version:
1.0.0.1

MD5:
24826761ba4d362e91097806a4dec13d

SHA-1:
2cf85aff347f5757842a10335b01d61c7b9d6e65

SHA-256:
02def4863b4d7300bae7de0e5bd133cb6d4b072de4b7f350d698a12ff56a18e7

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
1/13/2025 2:44:35 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2009693 | 792 |
| Agnitum Outpost | PUA.InstallMetrix | 7.1.1 |
| Avira AntiVirus | TR/Zusy.2057728.2 | 7.11.214.140 |
| avast! | Win32:Malware-gen | 2014.9-150318 |
| AVG | Adware Generic6 | 2016.0.3166 |
| Bitdefender | Trojan.GenericKD.2009693 | 1.0.20.1690 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.117657 | 8.15.03.18.11 |
| ESET NOD32 | Win32/AdWare.InstallMetrix (variant) | 8.10825 |
| F-Secure | Gen:Variant.Zusy.117657 | 11.2015-18-03_4 |
| G Data | Trojan.GenericKD.2009693 | 14.12.24 |
| IKARUS anti.virus | PUA.InstallMetrix | t3scan.1.8.6.0 |
| Kaspersky | not-a-virus:AdWare.Win32.InstallMetrix | 14.0.0.2325 |
| MicroWorld eScan | Trojan.GenericKD.2009693 | 15.0.0.1014 |
| NANO AntiVirus | Riskware.Win32.InstallMetrix.dmcstq | 0.30.0.296 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.18.23 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Zusy | 9989 |
| VIPRE Antivirus | Threat.4150696 | 37788 |

File size:
2 MB (2,057,728 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
InstallerManager.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\6469665546

File PE Metadata
Compilation timestamp:
12/3/2014 12:34:56 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:9jaYRCG3vJw6nha/UHJL0e/zkNXkguVwdQvf/7HJItAWje:5N93Rw6nhS2L0e/gkguOdif/7H

Entry address:
0x137CBE

Entry point:
E8, A8, 8C, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, B0, A1, 5B, 00, 75, 02, F3, C3, E9, 31, 04, 00, 00, 55, 8B, EC, 51, 57, 8B, 7D, 10, 85, FF, 75, 17, E8, 36, 1B, 00, 00, C7, 00, 16, 00, 00, 00, E8, 57, 93, 00, 00, 33, C0, E9, AD, 00, 00, 00, 8B, 45, 0C, 85, C0, 74, E2, 8B, 4D, 08, 85, C9, 75, 06, 8B, 0F, 85, C9, 74, D5, 0F, B7, 11, 53, 33, DB, 56, 66, 85, D2, 74, 31, 0F, B7, 38, 8B, F0, 66, 85, FF, 74, 14, 8B, DF, 66, 3B, DA, 74, 0B, 83, C6, 02, 0F, B7, 1E, 66, 85, DB, 75, F0, 33, DB, 66, 39, 1E, 74, 0B, 83...
 

Entropy:
6.4992

Code size:
1.4 MB (1,453,056 bytes)

The file 6469665546 has been seen being distributed by the following URL.
