FinalInstaller_dotnet2.exe

Installer

The application FinalInstaller_dotnet2.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from d22nes4susdva1.cloudfront.net. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product:
Installer

Description:
Installer-H

Version:
1.0.0.0

MD5:
78870eba3a38128756f2f98d4fce54d9

SHA-1:
205578f83ff86efadb47efe6e0955876fa6d3e6f

SHA-256:
230c13628ac245faa8b6e695f7977cce7b8a89bd9ade294b50f8c72aaf739b4d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 12:39:29 PM UTC

Scan engine          Detection                Engine version
Reason Heuristics    PUP.FinalInstaller (M)   16.7.15.22

File size:
2.9 MB (3,056,640 bytes)

Product version:
1.0.0.0

Original file name:
FinalInstaller_dotnet2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\finalinstaller_dotnet2.exe

File PE Metadata
Compilation timestamp:
3/5/2000 10:02:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:RFKRZFUI4lMgmjjTySlH4eBjMxXRhCsRQ:RWslXmOaH4eZMxP

Entry address:
0x2ECC9D

Entry point:
83, 3C, 24, FE, 77, FE, 8D, 64, 24, CC, 60, 83, EC, DC, E8, 18, FF, FF, FF, 4B, 8A, C3, 66, 4B, 75, FC, 4A, 48, 0C, 00, FF, 73, 3C, 11, D0, BA, 7F, 96, 74, 74, 59, 81, DA, D8, E3, 78, 47, 81, E9, FD, FF, FF, 7F, 73, DC, 86, F0, F7, D2, 81, D9, E6, 13, 00, 00, 90, 8A, D6, BE, 12, 4E, 2B, 78, 90, 71, C7, 8A, F0, 04, 00, 4A, FF, B4, 19, E4, 13, 00, 80, 83, C4, 04, 66, 81, 44, 24, FC, B0, BA, 75, AF, B4, 47, 96, 40, 68, 2B, A0, F9, 65, E8, DA, FE, FF, FF, 87, CF, 89, 74, 24, 44, 40, E8, CA, FB, FF, FF, BF, 5E...

Entropy:
7.4447

Code size:
2.8 MB (2,979,840 bytes)

The file FinalInstaller_dotnet2.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com (173.192.190.227:443)

Remove FinalInstaller_dotnet2.exe - Powered by Reason Core Security