diskgetor-data-recovery-328.exe

DiskGetor Data Recovery

DNSSoft Ltd.

The executable diskgetor-data-recovery-328.exe, “DiskGetor Data Recovery Setup ” has been detected as malware by 8 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from chph.softwaretop.net.
Publisher:
DNSSoft Ltd.

Product:
DiskGetor Data Recovery

Description:
DiskGetor Data Recovery Setup

Version:
3.2.8.0

MD5:
625c272cc1aee6cebda4f8b6ed5ee2bd

SHA-1:
b90090bdf07b4cf1e1d7ff5f7ddc5f62c7622645

SHA-256:
68a2d4487e764f5407b99939b3c92495a4c66bc00fbc604ae65846c42815a3fe

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/25/2024 7:36:24 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Kukacka
160518-2

AVG
Win32/Sality
2015.0.4604

Emsisoft Anti-Malware
Win32.Sality
11.5.0.6191

ESET NOD32
Win32/Sality.NBA virus
7.0.302.0

F-Prot
W32/Sality.E.gen
4.6.5.141

Kaspersky
Virus.Win32.Sality
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.225.1840.0

Norman
Win32.Sality.3
28.05.2016 15:32:18

File size:
3.9 MB (4,104,940 bytes)

Product version:
3.2.8.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\diskgetor-data-recovery-328.exe

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:A2/eP5YQrINaSAzi1p0fe5UwntorZiY3wx1kckknxm5IWKUXmUMZ4TqZrBz+RfOl:tmBYdNTAOSwjto17cjnJUzMZ9hxpSk

Entry address:
0x9B24

Entry point:
60, 0F, BA, F6, 78, 0F, B7, F8, 8D, 15, F3, 8A, 31, 48, F3, 80, C4, 8F, 0F, AF, C2, 33, CB, 0D, 9D, 5D, CB, 05, D0, D1, 0F, BD, F6, B4, 86, 0F, BC, DF, 4E, 88, E0, 33, ED, 87, F7, BD, 5D, B3, 00, 00, 0F, AF, FB, 81, C5, A0, 25, 00, 00, 89, DF, 69, DA, AA, AF, CA, E1, B7, BF, 33, D5, 0F, AF, F1, C7, C3, 3F, 39, BA, 8E, 8A, FA, 81, C0, 35, D7, AA, 25, 0F, AF, D7, 69, D0, 90, 35, F0, AC, 0F, BC, D7, 8B, DE, 0F, AC, D7, 56, C6, C3, 32, E8, 22, 00, 00, 00, 48, F3, 8D, 05, 41, 85, 67, B4, EB, 0B, 0F, A3, C1, 69...
 
[+]

Entropy:
7.9983  (probably packed)

Code size:
37 KB (37,888 bytes)

The file diskgetor-data-recovery-328.exe has been seen being distributed by the following URL.

Remove diskgetor-data-recovery-328.exe - Powered by Reason Core Security