diskgetor-data-recovery-328.exe

DiskGetor Data Recovery

DNSSoft Ltd.

The executable diskgetor-data-recovery-328.exe, “DiskGetor Data Recovery Setup”, has been detected as malware by 8 anti-virus scanners. The program is a setup application built with the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from chph.softwaretop.net.
Publisher:
DNSSoft Ltd.

Product:
DiskGetor Data Recovery

Description:
DiskGetor Data Recovery Setup

Version:
3.2.8.0

MD5:
625c272cc1aee6cebda4f8b6ed5ee2bd

SHA-1:
b90090bdf07b4cf1e1d7ff5f7ddc5f62c7622645

SHA-256:
68a2d4487e764f5407b99939b3c92495a4c66bc00fbc604ae65846c42815a3fe

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/23/2024 9:40:39 AM UTC

Scan engine                      Detection                 Engine version
avast!                           Win32:Kukacka             160518-2
AVG                              Win32/Sality              2015.0.4604
Emsisoft Anti-Malware            Win32.Sality              11.5.0.6191
ESET NOD32                       Win32/Sality.NBA virus    7.0.302.0
F-Prot                           W32/Sality.E.gen          4.6.5.141
Kaspersky                        Virus.Win32.Sality        15.0.0.562
Microsoft Security Essentials    Threat.Undefined          1.225.1840.0
Norman                           Win32.Sality.3            28.05.2016 15:32:18

File size:
3.9 MB (4,104,940 bytes)

Product version:
3.2.8.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\diskgetor-data-recovery-328.exe

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:A2/eP5YQrINaSAzi1p0fe5UwntorZiY3wx1kckknxm5IWKUXmUMZ4TqZrBz+RfOl:tmBYdNTAOSwjto17cjnJUzMZ9hxpSk

Entry address:
0x9B24

Entry point:
60, 0F, BA, F6, 78, 0F, B7, F8, 8D, 15, F3, 8A, 31, 48, F3, 80, C4, 8F, 0F, AF, C2, 33, CB, 0D, 9D, 5D, CB, 05, D0, D1, 0F, BD, F6, B4, 86, 0F, BC, DF, 4E, 88, E0, 33, ED, 87, F7, BD, 5D, B3, 00, 00, 0F, AF, FB, 81, C5, A0, 25, 00, 00, 89, DF, 69, DA, AA, AF, CA, E1, B7, BF, 33, D5, 0F, AF, F1, C7, C3, 3F, 39, BA, 8E, 8A, FA, 81, C0, 35, D7, AA, 25, 0F, AF, D7, 69, D0, 90, 35, F0, AC, 0F, BC, D7, 8B, DE, 0F, AC, D7, 56, C6, C3, 32, E8, 22, 00, 00, 00, 48, F3, 8D, 05, 41, 85, 67, B4, EB, 0B, 0F, A3, C1, 69...

Entropy:
7.9983  (probably packed)

Code size:
37 KB (37,888 bytes)

The file diskgetor-data-recovery-328.exe has been seen being distributed by the following URL.

Remove diskgetor-data-recovery-328.exe - Powered by Reason Core Security