cainstaller.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from lb.cdn.m6web.fr and multiple other hosts.
MD5:
c5470be283a497ad969dbcfe086e248d

SHA-1:
ad4e9618b7dd115ad056a065e2f273b4e5e93615

SHA-256:
e55a6d298c5c871afa7d807e09a0c7492a9c5b24bdc55c05f411614e3bec5dbd

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/27/2024 8:54:03 AM UTC  (today)

Scan engine
Detection
Engine version

ViRobot
Trojan.Win32.A.Clicker.798073[h]
2014.3.20.0

File size:
779.4 KB (798,073 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

File PE Metadata
Compilation timestamp:
2/7/2002 12:42:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:TwXWP6uRafEOAB/K+jsNUTJQwya0mJqYwF3TRm:TmWiCafOJjsNqiwya0mJqDFFm

Entry address:
0x455E

Entry point:
83, EC, 0C, 53, 56, 57, FF, 15, 20, 71, 40, 00, 05, E8, 03, 00, 00, BE, 60, FD, 41, 00, 89, 44, 24, 10, B3, 20, FF, 15, 28, 70, 40, 00, 68, 00, 04, 00, 00, FF, 15, 28, 71, 40, 00, 50, 56, FF, 15, 08, 71, 40, 00, 80, 3D, 60, FD, 41, 00, 22, 75, 08, 80, C3, 02, BE, 61, FD, 41, 00, 8A, 06, 8B, 3D, F0, 71, 40, 00, 84, C0, 74, 0F, 3A, C3, 74, 0B, 56, FF, D7, 8B, F0, 8A, 06, 84, C0, 75, F1, 80, 3E, 00, 74, 05, 56, FF, D7, 8B, F0, 89, 74, 24, 14, 80, 3E, 20, 75, 07, 56, FF, D7, 8B, F0, EB, F4, 80, 3E, 2F, 75, 21...
 
[+]

Entropy:
7.9701

Packer / compiler:
Nullsoft PiMP Install System v1.x

Code size:
24 KB (24,576 bytes)

The file cainstaller.exe has been seen being distributed by the following 5 URLs.

http://lb.cdn.m6web.fr/d/c/a/38d8070d7ce2cff6417343e5bc88304f/586d38d6/soft/.../crack-attack_crack_attack_1.1.10_anglais_12536.exe

http://lb.cdn.m6web.fr/d/c/a/ac0d7cb20dbec976c59587b9f05b4647/589624dc/soft/.../crack-attack_crack_attack_1.1.10_anglais_12536.exe

http://www.kaboom.pl/files/download/1/4/.../crack-attack_www-kaboom-pl.exe

Scan cainstaller.exe - Powered by Reason Core Security