avgb897.exe

SilentInstaller

The application avgb897.exe has been detected as a potentially unwanted program by 30 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from d3aecmmmp8gp26.cloudfront.net.
Product:
SilentInstaller

Version:
1.0.0.1

MD5:
4a293653c2cab1a57493460c7bf0597a

SHA-1:
f14e2dc8d21855f6ef7ccd0e1100811da3bd20df

SHA-256:
10f4a4e20e803aa6ca34b4152126cb9088f251366f0af12bc6de1586d2a5a643

Scanner detections:
30 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/25/2024 3:30:24 PM UTC

Scan engine             Detection                           Engine version
Lavasoft Ad-Aware       Gen:Variant.Adware.Kazy.721855      5736169
Agnitum Outpost         PUA.Imali                           7.1.1
AhnLab V3 Security      PUP/Win32.OfferInstaller            2015.12.02
Avira AntiVirus         TR/Dropper.MSIL.Gen                 8.3.2.4
Arcabit                 Trojan.Adware.Kazy.DB03BF           1.0.0.627
avast!                  Win32:Dropper-gen [Drp]             2014.9-151208
AVG                     Downloader                          2016.0.2902
Baidu Antivirus         Adware.MSIL.Imali                   4.0.3.15128
Bitdefender             Gen:Variant.Adware.Kazy.721855      1.0.20.1710
Comodo Security         ApplicUnwnt                         23688
Dr.Web                  Trojan.Crossrider1.54918            9.0.1.0342
Emsisoft Anti-Malware   Gen:Variant.Adware.Kazy.721855      10.0.0.5366
ESET NOD32              MSIL/Adware.Imali.C application     7.0.302.0
Fortinet FortiGate      Adware/Imali                        12/8/2015
F-Secure                Gen:Variant.Adware.Kazy             5.15.21
G Data                  Gen:Variant.Adware.Kazy.721855      15.12.25
IKARUS anti.virus       AdWare.MSIL.Imali                   t3scan.1.9.5.0
K7 AntiVirus            Adware                              13.212.18026
Kaspersky               UDS:DangerousObject.Multi.Generic   14.0.0.1004
Malwarebytes            PUP.Optional.Bundler                v2015.12.08.05
McAfee                  RDN/Generic PUP.x                   5600.6558
MicroWorld eScan        Gen:Variant.Adware.Kazy.721855      16.0.0.1026
NANO AntiVirus          Trojan.Win32.Crossrider1.dymhtp     0.30.26.4751
Norman                  Gen:Variant.Adware.Kazy.721855      28.10.2015 12:55:53
Panda Antivirus         Trj/GdSda.A                         15.12.08.05
Sophos                  Generic PUA PB (PUA)                4.98
SUPERAntiSpyware        Adware.Kazy/Variant                 9461
Trend Micro             TROJ_GEN.R01TC0OK715                10.465.08
VIPRE Antivirus         MSIL.Adware.Imali                   45554
ViRobot                 Adware.Imali.398336[h]              2014.3.20.0

File size:
389 KB (398,336 bytes)

Product version:
1.0.0.1

Copyright:
Copyright © 2014

Original file name:
SilentInstaller_dotnet4.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\avgb897.exe

File PE Metadata
Compilation timestamp:
11/1/2015 6:16:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:SiDcDx+HFZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5VmNdwQgM0oL:LcDEZwgVxGq86oH/MKvnolgqqK

Entry address:
0x6206E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.5987

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
384.5 KB (393,728 bytes)

The file avgb897.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-52-1-45-42.compute-1.amazonaws.com (52.1.45.42:80)

Remove avgb897.exe - Powered by Reason Core Security