archive.exe

Internet Explorer

Spektr AITI, TOV

Although the file's version properties claim it was developed by 'Microsoft Corporation', this is not the case: the file is designed to look like a legitimate Microsoft system file, and its Authenticode signature actually belongs to Spektr AITI, TOV (certificate issued by COMODO CA Limited). The application archive.exe, “Установщик надстроек Internet Explorer” (Internet Explorer Add-on Installer) by Spektr AITI, TOV, has been detected as a potentially unwanted program by 1 of 68 anti-malware scanners, with very strong indications that the file is a potential threat. It is a setup program used to install the application. The file has been seen being downloaded from 92bf0b2244d6f077da9f879c.downfastoloaders.net.
Publisher:
Microsoft Corporation (signed by Spektr AITI, TOV)

Product:
Internet Explorer

Description:
Установщик надстроек Internet Explorer (Internet Explorer Add-on Installer)

Version:
11.00.9600.16428 (winblue_gdr.131013-1700)

MD5:
6509dff0e6529acdb1f7b714a6223e87

SHA-1:
9c324ba35bd9d767c39c15ec60d12bd5ba773c2b

SHA-256:
2cdd49edadc676e088b86828642b5b6e48e65810673eb7bf41ef0b9c202731c6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 6:18:05 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCube (M)

Engine version:
17.1.9.15

File size:
3.5 MB (3,655,736 bytes)

Product version:
11.00.9600.16428

Copyright:
© Корпорация Майкрософт. Все права защищены. (© Microsoft Corporation. All rights reserved.)

Original file name:
ieinstal.exe.mui

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/24/2015 4:00:00 AM

Valid to:
12/24/2016 3:59:59 AM

Subject:
CN="Spektr AITI, TOV", OU=IT, O="Spektr AITI, TOV", STREET="Bud. 30 kv. 292, prospekt Vatutina", L=Kiev, S=Kiev, PostalCode=02189, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3694697EDF9F6EF8FF786FBBAD3234DF

File PE Metadata
Compilation timestamp:
1/12/2016 2:01:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

Entry address:
0x352100

Entry point:
55, 8B, EC, 6A, FF, 68, 88, 9A, 75, 00, 68, 80, 32, 75, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, DC, 70, 75, 00, 33, D2, 8A, D4, 89, 15, 78, A7, 75, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 74, A7, 75, 00, C1, E1, 08, 03, CA, 89, 0D, 70, A7, 75, 00, C1, E8, 10, A3, 6C, A7, 75, 00, 33, F6, 56, E8, CA, 0F, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 95, 0C, 00, 00, FF, 15, 68, 70, 75, 00, A3, B4, AC, 75, 00, E8...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
3.3 MB (3,497,984 bytes)

The file archive.exe has been seen being distributed from the following URL.

http://92bf0b2244d6f077da9f879c.downfastoloaders.net/.../?f=aab5339674fbb2676d758c9ad9c410942194ca69f9a35bc998d3ca709ced90bc00b8b404c7f21c80cab240155a266c7753c2e2ab064dcf3e3bcb393f3fb0ab72b8108e8656e75a3ea9396ef85167c500bb3c10d75381580058d995e69096acc38b318d51e89df5eaf68966d0018d121a663c806fd65a05ffdc3323555349d43b7e0c3cedf905bd55d07aa62b8813a9b3465939321be549aa772fa1e20bd3c953df7900c1af827d946b113b13a8fbcf1b1ef14842086d7ad968284f3827855e25fb63d7678b4d444e1b3bae110743bd04176c4e553bdda36a05274fd65861c2d4a0b883fd649baa058b21c42b440e

Powered by Reason Core Security