» andy_46.16_66.exe
Overview
Analysis
File Details
Downloads (1)

andy_46.16_66.exe

Mitoru

Andy OS, Inc.

The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.headdownloadstower.com.

File name:

andy_46.16_66.exe

Publisher:

Andy OS, Inc. (signed and verified)

Product:

Mitoru

Description:

Mitoru Setup

MD5:

27a8d13977c62058aae1f40d6bab3b74

SHA-1:

30b5a4fa46afc1dbe1514765bb9cd460809f6559

SHA-256:

fdea2a8ab04b73f720bce4fdb2200783817a084c8319f7d279c1d531ee316187

Scanner detections:

1 / 68

Status:

Inconclusive (probably just a false positive detection)

Analysis date:

11/23/2024 9:57:54 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.CSH (L)

17.3.16.0

File size:

1.2 MB (1,281,832 bytes)

Product version:

4.4

Lite

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\andy_46.16_66.exe

Digital Signature

Signed by:

Andy OS, Inc.

Authority:

Symantec Corporation

Valid from:

7/11/2016 5:00:00 AM

Valid to:

7/12/2017 4:59:59 AM

Subject:

CN="Andy OS, Inc.", O="Andy OS, Inc.", L=San Francisco, S=California, C=US

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

7ECC65E43385372D7CE6F2B90BD09B27

File PE Metadata

Compilation timestamp:

6/20/1992 3:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file andy_46.16_66.exe has been seen being distributed by the following URL.

http://www.headdownloadstower.com/D3yIYr sa0KJ5__LHxpiAY6NCAa2rgz_hPH0Hsb7MaHaBqzaT9TERIpRJ0M FCU1G4ESiXsCFFhxsBNzpqMnZwMRjz7QsTI1awau6aE5ppAh5eUoeK7aoG hiUu3BfkBpZNTnZ 26OUgCX5yqwTFrQOCswerrn9BHqDXabKcFYZxZK18bIM9KYqMcVwX5iRtMa0kj2858DjzHoHAL2IYaLyWLJcwXtuZ4vZA5QEiQ44mPxPhaPWfMSYNGCbncfSUVji5QxLYpectsxr4oM6P9LkJoRxueNTpv29chRSOdtunnXapIvI OA c21Spq7UIVs51 U8AuBXrb14467SCtWOPEVtXjbGZ1thOy81ApuEc9U43JM=-G0AAAEQ3F5siyPpTkoOGFw8ejnYhhgykkca6D8SNBcWjnT51j_sjnxXFX8ErfUxBAgOsoRQd

Scan andy_46.16_66.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.