home

analyzer4.exe

Instyler Ex-it!

Instyler® Software

The executable analyzer4.exe has been detected as malware by 12 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.gaappraiser.com.
Publisher:
Instyler® Software

Product:
Instyler Ex-it!

Version:
2.14

MD5:
4085ce297359d9cefc565125d90654e2

SHA-1:
a29808acc3ff7ecb802acb7ed4e24f8f1aad7751

SHA-256:
f94bdf249988239a8ef9c51ea38d6bee64323cf00afd9c8b48c1ad6f07524dbb

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
11/24/2024 5:20:07 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.MulDrop
7.1.1

avast!
Win32:Malware-gen
2014.9-160105

AVG
Agent4.TFY.dropper
2017.0.2874

Clam AntiVirus
Win.Trojan.Agent-637712
0.98/21511

Dr.Web
Trojan.MulDrop3.46750
9.0.1.05

G Data
Win32.Trojan.Agent.6GG2E0
16.1.25

IKARUS anti.virus
Trojan.Agent4
t3scan.1.8.9.0

McAfee
Artemis!4085CE297359
5600.6530

Norman
Agent.WZZP
11.20160105

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
1.0.0.1015

Rising Antivirus
PE:Trojan.DL.Microjoin.eu!1173743880
23.00.65.16103

Trend Micro House Call
Suspicious_GEN.F47V0310
7.2.5

File size:
6.9 MB (7,277,308 bytes)

Product version:
2.14

Copyright:
Copyright © 2007 Instyler® Software

Trademarks:
Instyler® Software

Original file name:
stub.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\analyzer4.exe

File PE Metadata
Compilation timestamp:
2/20/2007 11:28:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
196608:amN7Sym3n1dhidUH9nFrcxN7zyGdt3xqreZdghj:amNO3n1OkJYNZb3xq6S

Entry address:
0x1000

Entry point:
6A, 00, E8, 13, 00, 00, 00, 50, E8, 4B, 00, 00, 00, 50, E8, 01, 00, 00, 00, CC, FF, 25, 00, 40, 40, 00, FF, 25, 04, 40, 40, 00, FF, 15, 14, 40, 40, 00, 8A, 08, B2, 22, 3A, CA, 75, 13, 8A, 48, 01, 40, 3A, CA, 74, 04, 84, C9, 75, F4, 38, 10, 75, 0E, 40, EB, 0B, 80, F9, 20, 7E, 06, 40, 80, 38, 20, 7F, FA, 8A, 08, 84, C9, 74, 05, 80, F9, 20, 7E, E7, C3, 55, 8B, EC, 81, EC, BC, 05, 00, 00, 53, 56, 57, BE, 30, 50, 40, 00, 8D, 7D, D4, 83, 4D, E0, FF, A5, A5, 33, DB, 89, 5D, C8, 89, 5D, F0, A4, FF, 15, 08, 40, 40...
 
[+]

Entropy:
7.9936  (probably packed)

Code size:
9 KB (9,216 bytes)

The file analyzer4.exe has been seen being distributed by the following URL.

http://www.gaappraiser.com/.../analyzer4.exe

Remove analyzer4.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.