file-repair-setup.exe

File Repair

The executable file-repair-setup.exe, “File Repair Setup”, has been detected as malware by 11 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.filerepair1.com.
Publisher:
File Repair

Product:
File Repair

Description:
File Repair Setup

Version:
2.1

MD5:
d4eede672118e58bb7f417fa4ecdce00

SHA-1:
239d3b1608b83d1370766ae9680e4b6671924f2e

SHA-256:
812fe7ec43042b1bfade03d7914ee8cc00b7c65a704799967e5df97efc8bd51a

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/27/2024 12:10:21 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Sality | 160215-2 |
| AVG | Win32/Sality | 2015.0.4530 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.15.21 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.215.664.0 |
| Norman | Win32.Sality.3 | 29.02.2016 03:11:57 |

File size:
1 MB (1,098,672 bytes)

Product version:
2.1

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\file-repair-setup.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:nnvHeeInOxJzpKG3nbHgYBEW4k31wRK2TbwwKfGfR/ZEPqZTGUP7I:nvN7zn3bAiEWzFwKQbJQG7vZ77I

Entry address:
0x9C40

Entry point:
BF, F9, D4, DC, 0C, 68, 4B, 91, D3, 00, 69, CA, 9B, EF, 8F, 48, 8D, 15, 4C, 72, 2D, 54, 81, D5, 4E, D1, 94, 40, 0F, BE, FE, 4A, 87, FF, 84, E0, 3B, CF, FF, CA, 3B, DE, 69, C1, E2, F4, FA, 1E, 69, F7, 4A, 13, 98, 2A, 8A, FD, 69, D9, CE, 64, 91, 6E, 08, D4, 0F, AF, C2, 39, F7, 8D, 35, 38, 3B, B4, CB, 80, F7, B1, 86, D9, E8, 6B, 00, 00, 00, 8D, 3D, 69, 74, BD, 3B, C6, C6, 2F, B3, 0C, 84, F0, 42, F6, C1, FD, 8A, FB, 8D, 05, 61, 00, 00, 00, F6, C0, 36, 6B, C0, 22, FE, C3, 8D, 2D, 69, 39, 18, 50, 8A, D6, 41, F7...
 

Entropy:
7.9826  (probably packed)

Code size:
37 KB (37,888 bytes)

The file file-repair-setup.exe has been seen being distributed by the following URL.

Remove file-repair-setup.exe - Powered by Reason Core Security