ac3filter_2_6_0b.exe

AC3Filter

Alexander Vigovsky

The executable ac3filter_2_6_0b.exe, "AC3Filter Setup", has been detected as malware by 12 anti-virus scanners. The program is a setup application built with the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.ac3filter.net.
Publisher:
Alexander Vigovsky

Product:
AC3Filter

Description:
AC3Filter Setup

MD5:
0aa03cafe5ee4024ac8d67bcebc1619d

SHA-1:
fda91415d19067413ddf99c4a88aa279365fbfbb

SHA-256:
3823ea3ceae6f88d6ee62a4b2055eb6c8a8a15d450f51f6636ba8e77b4aee4dd

Scanner detections:
12 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
1/15/2025 12:35:16 PM UTC

Scan engine                    Detection                 Engine version
avast!                         Win32:SaliCode            160216-0
AVG                            Win32/Sality              2015.0.4530
Dr.Web                         Win32.Sector.30           9.0.1.05190
Emsisoft Anti-Malware          Win32.Sality              10.0.0.5366
ESET NOD32                     Win32/Sality.NBA virus    7.0.302.0
F-Prot                         W32/Sality.gen2           4.6.5.141
F-Secure                       Win32.Sality.3            5.15.21
Kaspersky                      Virus.Win32.Sality        15.0.0.562
McAfee                         Virus.W32/Sality.gen.z    18.0.204.0
Microsoft Security Essentials  Threat.Undefined          1.213.6754.0
Norman                         Win32.Sality.3            19.02.2016 10:08:15

File size:
4.1 MB (4,258,369 bytes)

Product version:
2.6.0b

Copyright:
Copyright (c) 2002-2013 by Alexander Vigovsky

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ac3filter_2_6_0b.exe

File PE Metadata
Compilation timestamp:
12/20/2011 7:46:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:RO0hGzmf6bVe0n+hn4orL8gcC5pAn/WZGEMLmRqj:RfGznR+Z58g35C/0GEW6qj

Entry address:
0x16478

Entry point:
60, 69, D1, 0A, 13, 75, A0, 89, CF, 0F, BC, F0, 09, F2, C0, ED, E4, 0F, AF, EA, 0F, BA, E0, FA, 31, F8, 0D, DD, 29, 96, B9, 81, EB, F9, C6, 00, 00, F7, C6, 25, 6C, 1E, AB, 81, EB, DD, 05, 00, 00, 49, 68, 5C, A3, B3, 00, 0F, B7, CE, 8B, DB, 8A, FA, 0F, AB, C0, 53, 68, 89, BE, 30, 00, 0F, AD, D5, E8, 62, 00, 00, 00, 86, EC, 39, C0, 22, DD, D1, F5, 0F, AC, C5, 9D, C0, D4, DC, 81, EB, 4E, C9, BC, 04, 0F, BA, EF, D6, 0F, C0, E9, C1, E5, 7A, 0F, AF, CA, 41, C0, D1, 1E, 6A, 00, 58, 0F, BE, EE, 33, C7, F7, D1, EB...

Entropy:
7.9903  (probably packed)

Code size:
84 KB (86,016 bytes)

The file ac3filter_2_6_0b.exe has been seen being distributed by the following URL.

Remove ac3filter_2_6_0b.exe - Powered by Reason Core Security