hermes_syncmanager_install(broadmedia)_1.7.4_2011-12-14.exe

The executable hermes_syncmanager_install(broadmedia)_1.7.4_2011-12-14.exe has been detected as malware by 6 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from wiki.cdnetworks.com.
MD5:
8da0a18fc8234bd52a9bbd1c4d96608d

SHA-1:
9ccf37eb9452b670e4c85a8b3ef42712e4bef07e

SHA-256:
f1ba49a39971d390b509ef987bcdf4dd48d9c2b97e1c6865b40a8625dcf24ce0

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
12/27/2024 5:41:05 AM UTC

Scan engine           Detection                               Engine version
AVG                   Agent3                                  2015.0.3496
IKARUS anti.virus     Trojan.Win32.Webprefix                  t3scan.1.6.1.0
Norman                Agent.VBTT                              11.20140423
Qihoo 360 Security    Malware.QVM06.Gen                       1.0.0.1015
Vba32 AntiVirus       suspected of Trojan.Downloader.gen.h    3.12.26.0
VIPRE Antivirus       Trojan.Win32.Generic                    28524

File size:
1.7 MB (1,738,496 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\hermes_syncmanager_install(broadmedia)_1.7.4_2011-12-14.exe

File PE Metadata
Compilation timestamp:
12/6/2009 7:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:YJnosb1MiXB8ErqznJHQ9PP2Bci0wJ997CwBW:QosnBDezJwNP2BZ0CftBW

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9893

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file hermes_syncmanager_install(broadmedia)_1.7.4_2011-12-14.exe has been seen being distributed by the following URL.