home

dibanextinstall.exe

INDEX CONSULTING S.L.

The executable dibanextinstall.exe has been detected as malware by 13 anti-virus scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.dibanext.com and multiple other hosts.
Publisher:
INDEX CONSULTING S.L.  (signed and verified)

MD5:
05e2f835ce705c38c60347861a3da4c2

SHA-1:
dac4c1c7faf1f5d42c73c7c9554dab4286fd037c

SHA-256:
c3f8e5c5f22d2b2718577095da67485cf573340dc7adc7109f766e62a75be8cb

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
11/15/2024 7:16:27 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
ASD.Prevention
2013.07.16

Avira AntiVirus
TR/Spy.382584.2
7.11.90.168

Bitdefender
Gen:Trojan.Heur2.GZ.SKX@b8EPU8Ui
1.0.20.1400

Comodo Security
UnclassifiedMalware
16598

Emsisoft Anti-Malware
Gen:Trojan.Heur2.GZ.SKX@b8EPU8Ui
8.14.10.07.01

G Data
Gen:Trojan.Heur2.GZ.SKX@b8EPU8Ui
14.10.22

IKARUS anti.virus
Trojan.Win32.Spy
t3scan.2.0.3.0

McAfee
Artemis!05E2F835CE70
5600.6985

Norman
Downloader
11.20141007

SUPERAntiSpyware
Trojan.Agent/Gen-CoinMiner
10315

Trend Micro House Call
TROJ_GEN.USG08HC
7.2.280

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.22.2

VIPRE Antivirus
Trojan.Win32.Generic
19622

File size:
373.6 KB (382,584 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\dibanextinstall.exe

Digital Signature
Signed by:
INDEX CONSULTING S.L.

Authority:
VeriSign, Inc.

Valid from:
10/15/2010 2:00:00 AM

Valid to:
10/15/2012 1:59:59 AM

Subject:
CN=INDEX CONSULTING S.L., OU=Software Developments, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=INDEX CONSULTING S.L., L=Sant Just Desvern, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6ADE6141FDE5662324F0097400777BA5

File PE Metadata
Compilation timestamp:
3/15/2010 7:27:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:Tu2urzh9xu/XkauJzXbIrXa9Gdq0gK/sA5eAyHYlPZ7ZwqstVaeu7yGA:Tutrzh9xOXkFXMSGg2sUyHUR7Zs+7y

Entry address:
0xA7B1

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, BE, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, D0, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, AF, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 22, 41, 00, 8D, 45, E4...
 
[+]

Code size:
66 KB (67,584 bytes)

The file dibanextinstall.exe has been seen being distributed by the following 2 URLs.

http://www.dibanext.com/sp/.../dibanextinstall.exe

http://dibanext.roca.net/sp/.../dibanextinstall.exe

Remove dibanextinstall.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.